[PATCH linux dev-4.13 v2] fsi: occ: Add check for OCC response checksum

Eddie James eajames at linux.vnet.ibm.com
Wed May 2 00:51:25 AEST 2018 

The OCC specification indicates that it is an error scenario if the
response checksum doesn't match the sum of the bytes of the response.
The driver needs to perform this calculation and check, and return an
error if it's a mismatch.

Signed-off-by: Eddie James <eajames at linux.vnet.ibm.com>
---
Changes since v1:
 - rename occ_check_sum() to occ_verify_checksum()
 - remove checksum field from occ_response and instead add two bytes to data
   field, with comment
 - add comment to fetching checksum from response data

 drivers/fsi/fsi-occ.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/drivers/fsi/fsi-occ.c b/drivers/fsi/fsi-occ.c
index 45ae13c..8df1c64 100644
--- a/drivers/fsi/fsi-occ.c
+++ b/drivers/fsi/fsi-occ.c
@@ -58,8 +58,7 @@ struct occ_response {
 	u8 cmd_type;
 	u8 return_status;
 	__be16 data_length;
-	u8 data[OCC_RESP_DATA_BYTES];
-	__be16 checksum;
+	u8 data[OCC_RESP_DATA_BYTES + 2];	/* two bytes checksum */
 } __packed;
 
 /*
@@ -427,6 +426,27 @@ static int occ_release(struct inode *inode, struct file *file)
 	.release = occ_release,
 };
 
+static int occ_verify_checksum(struct occ_response *resp, u16 data_length)
+{
+	u16 i;
+	u16 checksum;
+	/* Fetch the two bytes after the data for the checksum. */
+	u16 checksum_resp = get_unaligned_be16(&resp->data[data_length]);
+
+	checksum = resp->seq_no;
+	checksum += resp->cmd_type;
+	checksum += resp->return_status;
+	checksum += (data_length >> 8) + (data_length & 0xFF);
+
+	for (i = 0; i < data_length; ++i)
+		checksum += resp->data[i];
+
+	if (checksum != checksum_resp)
+		return -EBADMSG;
+
+	return 0;
+}
+
 static int occ_write_sbefifo(struct sbefifo_client *client, const char *buf,
 			     ssize_t len)
 {
@@ -692,6 +712,8 @@ static void occ_worker(struct work_struct *work)
 
 	xfr->resp_data_length = resp_data_length + 7;
 
+	rc = occ_verify_checksum(resp, resp_data_length);
+
 done:
 	mutex_unlock(&occ->occ_lock);
 
-- 
1.8.3.1

More information about the openbmc mailing list