Add an I2C bus driver for virtio para-virtualization.
The controller can be emulated by the backend driver in
any device model software by following the virtio protocol.
This driver communicates with the backend driver through a
virtio I2C message structure which includes following parts:
- Header: i2c_msg addr, flags, len.
- Data buffer: the pointer to the I2C msg data.
- Status: the processing result from the backend.
People may implement different backend drivers to emulate
different controllers according to their needs. A backend
example can be found in the device model of the open source
project ACRN. For more information, please refer to
https://projectacrn.org.
The virtio device ID 34 is used for this I2C adpter since IDs
before 34 have been reserved by other virtio devices.
Co-developed-by: Conghui Chen <[email protected]>
Signed-off-by: Conghui Chen <[email protected]>
Signed-off-by: Jie Deng <[email protected]>
Reviewed-by: Shuo Liu <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
---
The device ID request:
https://github.com/oasis-tcs/virtio-spec/issues/85
Changes in v2:
- Addressed comments received from Michael, Andy and Jason.
drivers/i2c/busses/Kconfig | 11 ++
drivers/i2c/busses/Makefile | 3 +
drivers/i2c/busses/i2c-virtio.c | 271 ++++++++++++++++++++++++++++++++++++++++
include/uapi/linux/virtio_ids.h | 1 +
4 files changed, 286 insertions(+)
create mode 100644 drivers/i2c/busses/i2c-virtio.c
diff --git a/drivers/i2c/busses/Kconfig b/drivers/i2c/busses/Kconfig
index 293e7a0..70c8e30 100644
--- a/drivers/i2c/busses/Kconfig
+++ b/drivers/i2c/busses/Kconfig
@@ -21,6 +21,17 @@ config I2C_ALI1535
This driver can also be built as a module. If so, the module
will be called i2c-ali1535.
+config I2C_VIRTIO
+ tristate "Virtio I2C Adapter"
+ depends on VIRTIO
+ help
+ If you say yes to this option, support will be included for the virtio
+ i2c adapter driver. The hardware can be emulated by any device model
+ software according to the virtio protocol.
+
+ This driver can also be built as a module. If so, the module
+ will be called i2c-virtio.
+
config I2C_ALI1563
tristate "ALI 1563"
depends on PCI
diff --git a/drivers/i2c/busses/Makefile b/drivers/i2c/busses/Makefile
index 19aff0e..821acfa 100644
--- a/drivers/i2c/busses/Makefile
+++ b/drivers/i2c/busses/Makefile
@@ -6,6 +6,9 @@
# ACPI drivers
obj-$(CONFIG_I2C_SCMI) += i2c-scmi.o
+# VIRTIO I2C host controller driver
+obj-$(CONFIG_I2C_VIRTIO) += i2c-virtio.o
+
# PC SMBus host controller drivers
obj-$(CONFIG_I2C_ALI1535) += i2c-ali1535.o
obj-$(CONFIG_I2C_ALI1563) += i2c-ali1563.o
diff --git a/drivers/i2c/busses/i2c-virtio.c b/drivers/i2c/busses/i2c-virtio.c
new file mode 100644
index 0000000..aff1a9a
--- /dev/null
+++ b/drivers/i2c/busses/i2c-virtio.c
@@ -0,0 +1,271 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Virtio I2C Bus Driver
+ *
+ * Copyright (c) 2020 Intel Corporation. All rights reserved.
+ */
+
+#include <linux/acpi.h>
+#include <linux/completion.h>
+#include <linux/err.h>
+#include <linux/i2c.h>
+#include <linux/io.h>
+#include <linux/jiffies.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/platform_device.h>
+#include <linux/wait.h>
+
+#include <linux/virtio.h>
+#include <linux/virtio_ids.h>
+#include <linux/virtio_config.h>
+
+#define VIRTIO_I2C_MSG_OK 0
+#define VIRTIO_I2C_MSG_ERR 1
+
+/**
+ * struct virtio_i2c_hdr - the virtio I2C message header structure
+ * @addr: i2c_msg addr, the slave address
+ * @flags: i2c_msg flags
+ * @len: i2c_msg len
+ */
+struct virtio_i2c_hdr {
+ __le16 addr;
+ __le16 flags;
+ __le16 len;
+};
+
+/**
+ * struct virtio_i2c_msg - the virtio I2C message structure
+ * @hdr: the virtio I2C message header
+ * @buf: virtio I2C message data buffer
+ * @status: the processing result from the backend
+ */
+struct virtio_i2c_msg {
+ struct virtio_i2c_hdr hdr;
+ u8 *buf;
+ u8 status;
+};
+
+/**
+ * struct virtio_i2c - virtio I2C data
+ * @vdev: virtio device for this controller
+ * @completion: completion of virtio I2C message
+ * @vmsg: the virtio I2C message for communication
+ * @adap: I2C adapter for this controller
+ * @i2c_lock: lock for virtqueue processing
+ * @vq: the virtio virtqueue for communication
+ */
+struct virtio_i2c {
+ struct virtio_device *vdev;
+ struct completion completion;
+ struct virtio_i2c_msg vmsg;
+ struct i2c_adapter adap;
+ struct mutex i2c_lock;
+ struct virtqueue *vq;
+};
+
+static void virtio_i2c_msg_done(struct virtqueue *vq)
+{
+ struct virtio_i2c *vi = vq->vdev->priv;
+
+ complete(&vi->completion);
+}
+
+static int virtio_i2c_add_msg(struct virtqueue *vq,
+ struct virtio_i2c_msg *vmsg,
+ struct i2c_msg *msg)
+{
+ struct scatterlist *sgs[3], hdr, bout, bin, status;
+ int outcnt = 0, incnt = 0;
+
+ if (!msg->len)
+ return -EINVAL;
+
+ vmsg->hdr.addr = cpu_to_le16(msg->addr);
+ vmsg->hdr.flags = cpu_to_le16(msg->flags);
+ vmsg->hdr.len = cpu_to_le16(msg->len);
+
+ vmsg->buf = kzalloc(msg->len, GFP_KERNEL);
+ if (!vmsg->buf)
+ return -ENOMEM;
+
+ sg_init_one(&hdr, &vmsg->hdr, sizeof(struct virtio_i2c_hdr));
+ sgs[outcnt++] = &hdr;
+ if (msg->flags & I2C_M_RD) {
+ sg_init_one(&bin, vmsg->buf, msg->len);
+ sgs[outcnt + incnt++] = &bin;
+ } else {
+ memcpy(vmsg->buf, msg->buf, msg->len);
+ sg_init_one(&bout, vmsg->buf, msg->len);
+ sgs[outcnt++] = &bout;
+ }
+ sg_init_one(&status, &vmsg->status, sizeof(vmsg->status));
+ sgs[outcnt + incnt++] = &status;
+
+ return virtqueue_add_sgs(vq, sgs, outcnt, incnt, vmsg, GFP_KERNEL);
+}
+
+static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
+{
+ struct virtio_i2c *vi = i2c_get_adapdata(adap);
+ struct virtqueue *vq = vi->vq;
+ struct virtio_i2c_msg *vmsg;
+ unsigned long time_left;
+ int len, i, ret = 0;
+
+ mutex_lock(&vi->i2c_lock);
+ vmsg = &vi->vmsg;
+ vmsg->buf = NULL;
+
+ for (i = 0; i < num; i++) {
+ ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
+ if (ret) {
+ dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
+ break;
+ }
+
+ virtqueue_kick(vq);
+
+ time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
+ if (!time_left) {
+ dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
+ break;
+ }
+
+ vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
+ if (vmsg) {
+ /* vmsg should point to the same address with &vi->vmsg */
+ if (vmsg != &vi->vmsg) {
+ dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
+ i, le16_to_cpu(vmsg->hdr.addr));
+ break;
+ }
+ if (vmsg->status != VIRTIO_I2C_MSG_OK) {
+ dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
+ i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
+ break;
+ }
+ if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
+ memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
+
+ kfree(vmsg->buf);
+ vmsg->buf = NULL;
+ }
+
+ reinit_completion(&vi->completion);
+ }
+
+ mutex_unlock(&vi->i2c_lock);
+ kfree(vmsg->buf);
+ return ((ret < 0) ? ret : i);
+}
+
+static void virtio_i2c_del_vqs(struct virtio_device *vdev)
+{
+ vdev->config->reset(vdev);
+ vdev->config->del_vqs(vdev);
+}
+
+static int virtio_i2c_setup_vqs(struct virtio_i2c *vi)
+{
+ struct virtio_device *vdev = vi->vdev;
+
+ vi->vq = virtio_find_single_vq(vdev, virtio_i2c_msg_done, "msg");
+ return PTR_ERR_OR_ZERO(vi->vq);
+}
+
+static u32 virtio_i2c_func(struct i2c_adapter *adap)
+{
+ return I2C_FUNC_I2C | I2C_FUNC_SMBUS_EMUL;
+}
+
+static struct i2c_algorithm virtio_algorithm = {
+ .master_xfer = virtio_i2c_xfer,
+ .functionality = virtio_i2c_func,
+};
+
+static struct i2c_adapter virtio_adapter = {
+ .owner = THIS_MODULE,
+ .name = "Virtio I2C Adapter",
+ .class = I2C_CLASS_DEPRECATED,
+ .algo = &virtio_algorithm,
+};
+
+static int virtio_i2c_probe(struct virtio_device *vdev)
+{
+ struct device *pdev = vdev->dev.parent;
+ struct virtio_i2c *vi;
+ int ret;
+
+ vi = devm_kzalloc(&vdev->dev, sizeof(*vi), GFP_KERNEL);
+ if (!vi)
+ return -ENOMEM;
+
+ vdev->priv = vi;
+ vi->vdev = vdev;
+
+ mutex_init(&vi->i2c_lock);
+ init_completion(&vi->completion);
+
+ ret = virtio_i2c_setup_vqs(vi);
+ if (ret)
+ return ret;
+
+ vi->adap = virtio_adapter;
+ i2c_set_adapdata(&vi->adap, vi);
+ vi->adap.dev.parent = &vdev->dev;
+ /* Setup ACPI node for slave devices which will be probed through ACPI */
+ ACPI_COMPANION_SET(&vi->adap.dev, ACPI_COMPANION(pdev));
+ vi->adap.timeout = HZ / 10;
+
+ ret = i2c_add_adapter(&vi->adap);
+ if (ret) {
+ virtio_i2c_del_vqs(vdev);
+ dev_err(&vdev->dev, "failed to add virtio-i2c adapter.\n");
+ }
+
+ return ret;
+}
+
+static void virtio_i2c_remove(struct virtio_device *vdev)
+{
+ struct virtio_i2c *vi = vdev->priv;
+
+ i2c_del_adapter(&vi->adap);
+ virtio_i2c_del_vqs(vdev);
+}
+
+static struct virtio_device_id id_table[] = {
+ { VIRTIO_ID_I2C_ADPTER, VIRTIO_DEV_ANY_ID },
+ {}
+};
+MODULE_DEVICE_TABLE(virtio, id_table);
+
+static int __maybe_unused virtio_i2c_freeze(struct virtio_device *vdev)
+{
+ virtio_i2c_del_vqs(vdev);
+ return 0;
+}
+
+static int __maybe_unused virtio_i2c_restore(struct virtio_device *vdev)
+{
+ return virtio_i2c_setup_vqs(vdev->priv);
+}
+
+static struct virtio_driver virtio_i2c_driver = {
+ .id_table = id_table,
+ .probe = virtio_i2c_probe,
+ .remove = virtio_i2c_remove,
+ .driver = {
+ .name = "i2c_virtio",
+ },
+#ifdef CONFIG_PM_SLEEP
+ .freeze = virtio_i2c_freeze,
+ .restore = virtio_i2c_restore,
+#endif
+};
+module_virtio_driver(virtio_i2c_driver);
+
+MODULE_DESCRIPTION("Virtio i2c bus driver");
+MODULE_LICENSE("GPL");
diff --git a/include/uapi/linux/virtio_ids.h b/include/uapi/linux/virtio_ids.h
index b052355..398ef2d 100644
--- a/include/uapi/linux/virtio_ids.h
+++ b/include/uapi/linux/virtio_ids.h
@@ -48,5 +48,6 @@
#define VIRTIO_ID_FS 26 /* virtio filesystem */
#define VIRTIO_ID_PMEM 27 /* virtio pmem */
#define VIRTIO_ID_MAC80211_HWSIM 29 /* virtio mac80211-hwsim */
+#define VIRTIO_ID_I2C_ADPTER 34 /* virtio i2c adpter */
#endif /* _LINUX_VIRTIO_IDS_H */
--
2.7.4
On 9/10/20 8:48 PM, Jie Deng wrote:
> diff --git a/drivers/i2c/busses/Kconfig b/drivers/i2c/busses/Kconfig
> index 293e7a0..70c8e30 100644
> --- a/drivers/i2c/busses/Kconfig
> +++ b/drivers/i2c/busses/Kconfig
> @@ -21,6 +21,17 @@ config I2C_ALI1535
> This driver can also be built as a module. If so, the module
> will be called i2c-ali1535.
>
> +config I2C_VIRTIO
> + tristate "Virtio I2C Adapter"
> + depends on VIRTIO
> + help
> + If you say yes to this option, support will be included for the virtio
> + i2c adapter driver. The hardware can be emulated by any device model
I2C
preferably
> + software according to the virtio protocol.
> +
> + This driver can also be built as a module. If so, the module
> + will be called i2c-virtio.
> +
> config I2C_ALI1563
> tristate "ALI 1563"
> depends on PCI
thanks.
--
~Randy
On 2020/9/11 11:53, Randy Dunlap wrote:
> On 9/10/20 8:48 PM, Jie Deng wrote:
>> diff --git a/drivers/i2c/busses/Kconfig b/drivers/i2c/busses/Kconfig
>> index 293e7a0..70c8e30 100644
>> --- a/drivers/i2c/busses/Kconfig
>> +++ b/drivers/i2c/busses/Kconfig
>> @@ -21,6 +21,17 @@ config I2C_ALI1535
>> This driver can also be built as a module. If so, the module
>> will be called i2c-ali1535.
>>
>> +config I2C_VIRTIO
>> + tristate "Virtio I2C Adapter"
>> + depends on VIRTIO
>> + help
>> + If you say yes to this option, support will be included for the virtio
>> + i2c adapter driver. The hardware can be emulated by any device model
> I2C
> preferably
>
I will fix this typo. Thank you.
>> + software according to the virtio protocol.
>> +
>> + This driver can also be built as a module. If so, the module
>> + will be called i2c-virtio.
>> +
>> config I2C_ALI1563
>> tristate "ALI 1563"
>> depends on PCI
>
> thanks.
On 2020/9/11 上午11:48, Jie Deng wrote:
> Add an I2C bus driver for virtio para-virtualization.
>
> The controller can be emulated by the backend driver in
> any device model software by following the virtio protocol.
>
> This driver communicates with the backend driver through a
> virtio I2C message structure which includes following parts:
>
> - Header: i2c_msg addr, flags, len.
> - Data buffer: the pointer to the I2C msg data.
> - Status: the processing result from the backend.
>
> People may implement different backend drivers to emulate
> different controllers according to their needs. A backend
> example can be found in the device model of the open source
> project ACRN. For more information, please refer to
> https://projectacrn.org.
>
> The virtio device ID 34 is used for this I2C adpter since IDs
> before 34 have been reserved by other virtio devices.
>
> Co-developed-by: Conghui Chen <[email protected]>
> Signed-off-by: Conghui Chen <[email protected]>
> Signed-off-by: Jie Deng <[email protected]>
> Reviewed-by: Shuo Liu <[email protected]>
> Reviewed-by: Andy Shevchenko <[email protected]>
> ---
> The device ID request:
> https://github.com/oasis-tcs/virtio-spec/issues/85
>
> Changes in v2:
> - Addressed comments received from Michael, Andy and Jason.
>
> drivers/i2c/busses/Kconfig | 11 ++
> drivers/i2c/busses/Makefile | 3 +
> drivers/i2c/busses/i2c-virtio.c | 271 ++++++++++++++++++++++++++++++++++++++++
> include/uapi/linux/virtio_ids.h | 1 +
> 4 files changed, 286 insertions(+)
> create mode 100644 drivers/i2c/busses/i2c-virtio.c
>
> diff --git a/drivers/i2c/busses/Kconfig b/drivers/i2c/busses/Kconfig
> index 293e7a0..70c8e30 100644
> --- a/drivers/i2c/busses/Kconfig
> +++ b/drivers/i2c/busses/Kconfig
> @@ -21,6 +21,17 @@ config I2C_ALI1535
> This driver can also be built as a module. If so, the module
> will be called i2c-ali1535.
>
> +config I2C_VIRTIO
> + tristate "Virtio I2C Adapter"
> + depends on VIRTIO
> + help
> + If you say yes to this option, support will be included for the virtio
> + i2c adapter driver. The hardware can be emulated by any device model
> + software according to the virtio protocol.
> +
> + This driver can also be built as a module. If so, the module
> + will be called i2c-virtio.
> +
> config I2C_ALI1563
> tristate "ALI 1563"
> depends on PCI
> diff --git a/drivers/i2c/busses/Makefile b/drivers/i2c/busses/Makefile
> index 19aff0e..821acfa 100644
> --- a/drivers/i2c/busses/Makefile
> +++ b/drivers/i2c/busses/Makefile
> @@ -6,6 +6,9 @@
> # ACPI drivers
> obj-$(CONFIG_I2C_SCMI) += i2c-scmi.o
>
> +# VIRTIO I2C host controller driver
> +obj-$(CONFIG_I2C_VIRTIO) += i2c-virtio.o
> +
> # PC SMBus host controller drivers
> obj-$(CONFIG_I2C_ALI1535) += i2c-ali1535.o
> obj-$(CONFIG_I2C_ALI1563) += i2c-ali1563.o
> diff --git a/drivers/i2c/busses/i2c-virtio.c b/drivers/i2c/busses/i2c-virtio.c
> new file mode 100644
> index 0000000..aff1a9a
> --- /dev/null
> +++ b/drivers/i2c/busses/i2c-virtio.c
> @@ -0,0 +1,271 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Virtio I2C Bus Driver
> + *
> + * Copyright (c) 2020 Intel Corporation. All rights reserved.
> + */
> +
> +#include <linux/acpi.h>
> +#include <linux/completion.h>
> +#include <linux/err.h>
> +#include <linux/i2c.h>
> +#include <linux/io.h>
> +#include <linux/jiffies.h>
> +#include <linux/kernel.h>
> +#include <linux/module.h>
> +#include <linux/platform_device.h>
> +#include <linux/wait.h>
> +
> +#include <linux/virtio.h>
> +#include <linux/virtio_ids.h>
> +#include <linux/virtio_config.h>
> +
> +#define VIRTIO_I2C_MSG_OK 0
> +#define VIRTIO_I2C_MSG_ERR 1
> +
> +/**
> + * struct virtio_i2c_hdr - the virtio I2C message header structure
> + * @addr: i2c_msg addr, the slave address
> + * @flags: i2c_msg flags
> + * @len: i2c_msg len
> + */
> +struct virtio_i2c_hdr {
> + __le16 addr;
> + __le16 flags;
> + __le16 len;
> +};
As said in v1, this should belong to uapi.
> +
> +/**
> + * struct virtio_i2c_msg - the virtio I2C message structure
> + * @hdr: the virtio I2C message header
> + * @buf: virtio I2C message data buffer
> + * @status: the processing result from the backend
> + */
> +struct virtio_i2c_msg {
> + struct virtio_i2c_hdr hdr;
> + u8 *buf;
> + u8 status;
> +};
I'm not quite sure this is the best layout.
E.g virtio scsi differ in buffer out of out one:
structvirtio_scsi_req_cmd{
...
u8 dataout[];
...
u8 datain[];
}
And I would like to have a look at the spec patch.
Thanks
> +
> +/**
> + * struct virtio_i2c - virtio I2C data
> + * @vdev: virtio device for this controller
> + * @completion: completion of virtio I2C message
> + * @vmsg: the virtio I2C message for communication
> + * @adap: I2C adapter for this controller
> + * @i2c_lock: lock for virtqueue processing
> + * @vq: the virtio virtqueue for communication
> + */
> +struct virtio_i2c {
> + struct virtio_device *vdev;
> + struct completion completion;
> + struct virtio_i2c_msg vmsg;
> + struct i2c_adapter adap;
> + struct mutex i2c_lock;
> + struct virtqueue *vq;
> +};
> +
> +static void virtio_i2c_msg_done(struct virtqueue *vq)
> +{
> + struct virtio_i2c *vi = vq->vdev->priv;
> +
> + complete(&vi->completion);
> +}
> +
> +static int virtio_i2c_add_msg(struct virtqueue *vq,
> + struct virtio_i2c_msg *vmsg,
> + struct i2c_msg *msg)
> +{
> + struct scatterlist *sgs[3], hdr, bout, bin, status;
> + int outcnt = 0, incnt = 0;
> +
> + if (!msg->len)
> + return -EINVAL;
> +
> + vmsg->hdr.addr = cpu_to_le16(msg->addr);
> + vmsg->hdr.flags = cpu_to_le16(msg->flags);
> + vmsg->hdr.len = cpu_to_le16(msg->len);
> +
> + vmsg->buf = kzalloc(msg->len, GFP_KERNEL);
> + if (!vmsg->buf)
> + return -ENOMEM;
> +
> + sg_init_one(&hdr, &vmsg->hdr, sizeof(struct virtio_i2c_hdr));
> + sgs[outcnt++] = &hdr;
> + if (msg->flags & I2C_M_RD) {
> + sg_init_one(&bin, vmsg->buf, msg->len);
> + sgs[outcnt + incnt++] = &bin;
> + } else {
> + memcpy(vmsg->buf, msg->buf, msg->len);
> + sg_init_one(&bout, vmsg->buf, msg->len);
> + sgs[outcnt++] = &bout;
> + }
> + sg_init_one(&status, &vmsg->status, sizeof(vmsg->status));
> + sgs[outcnt + incnt++] = &status;
> +
> + return virtqueue_add_sgs(vq, sgs, outcnt, incnt, vmsg, GFP_KERNEL);
> +}
> +
> +static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> +{
> + struct virtio_i2c *vi = i2c_get_adapdata(adap);
> + struct virtqueue *vq = vi->vq;
> + struct virtio_i2c_msg *vmsg;
> + unsigned long time_left;
> + int len, i, ret = 0;
> +
> + mutex_lock(&vi->i2c_lock);
> + vmsg = &vi->vmsg;
> + vmsg->buf = NULL;
> +
> + for (i = 0; i < num; i++) {
> + ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
> + if (ret) {
> + dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
> + break;
> + }
> +
> + virtqueue_kick(vq);
> +
> + time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
> + if (!time_left) {
> + dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
> + break;
> + }
> +
> + vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
> + if (vmsg) {
> + /* vmsg should point to the same address with &vi->vmsg */
> + if (vmsg != &vi->vmsg) {
> + dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
> + i, le16_to_cpu(vmsg->hdr.addr));
> + break;
> + }
> + if (vmsg->status != VIRTIO_I2C_MSG_OK) {
> + dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
> + i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
> + break;
> + }
> + if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
> + memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
> +
> + kfree(vmsg->buf);
> + vmsg->buf = NULL;
> + }
> +
> + reinit_completion(&vi->completion);
> + }
> +
> + mutex_unlock(&vi->i2c_lock);
> + kfree(vmsg->buf);
> + return ((ret < 0) ? ret : i);
> +}
> +
> +static void virtio_i2c_del_vqs(struct virtio_device *vdev)
> +{
> + vdev->config->reset(vdev);
> + vdev->config->del_vqs(vdev);
> +}
> +
> +static int virtio_i2c_setup_vqs(struct virtio_i2c *vi)
> +{
> + struct virtio_device *vdev = vi->vdev;
> +
> + vi->vq = virtio_find_single_vq(vdev, virtio_i2c_msg_done, "msg");
> + return PTR_ERR_OR_ZERO(vi->vq);
> +}
> +
> +static u32 virtio_i2c_func(struct i2c_adapter *adap)
> +{
> + return I2C_FUNC_I2C | I2C_FUNC_SMBUS_EMUL;
> +}
> +
> +static struct i2c_algorithm virtio_algorithm = {
> + .master_xfer = virtio_i2c_xfer,
> + .functionality = virtio_i2c_func,
> +};
> +
> +static struct i2c_adapter virtio_adapter = {
> + .owner = THIS_MODULE,
> + .name = "Virtio I2C Adapter",
> + .class = I2C_CLASS_DEPRECATED,
> + .algo = &virtio_algorithm,
> +};
> +
> +static int virtio_i2c_probe(struct virtio_device *vdev)
> +{
> + struct device *pdev = vdev->dev.parent;
> + struct virtio_i2c *vi;
> + int ret;
> +
> + vi = devm_kzalloc(&vdev->dev, sizeof(*vi), GFP_KERNEL);
> + if (!vi)
> + return -ENOMEM;
> +
> + vdev->priv = vi;
> + vi->vdev = vdev;
> +
> + mutex_init(&vi->i2c_lock);
> + init_completion(&vi->completion);
> +
> + ret = virtio_i2c_setup_vqs(vi);
> + if (ret)
> + return ret;
> +
> + vi->adap = virtio_adapter;
> + i2c_set_adapdata(&vi->adap, vi);
> + vi->adap.dev.parent = &vdev->dev;
> + /* Setup ACPI node for slave devices which will be probed through ACPI */
> + ACPI_COMPANION_SET(&vi->adap.dev, ACPI_COMPANION(pdev));
> + vi->adap.timeout = HZ / 10;
> +
> + ret = i2c_add_adapter(&vi->adap);
> + if (ret) {
> + virtio_i2c_del_vqs(vdev);
> + dev_err(&vdev->dev, "failed to add virtio-i2c adapter.\n");
> + }
> +
> + return ret;
> +}
> +
> +static void virtio_i2c_remove(struct virtio_device *vdev)
> +{
> + struct virtio_i2c *vi = vdev->priv;
> +
> + i2c_del_adapter(&vi->adap);
> + virtio_i2c_del_vqs(vdev);
> +}
> +
> +static struct virtio_device_id id_table[] = {
> + { VIRTIO_ID_I2C_ADPTER, VIRTIO_DEV_ANY_ID },
> + {}
> +};
> +MODULE_DEVICE_TABLE(virtio, id_table);
> +
> +static int __maybe_unused virtio_i2c_freeze(struct virtio_device *vdev)
> +{
> + virtio_i2c_del_vqs(vdev);
> + return 0;
> +}
> +
> +static int __maybe_unused virtio_i2c_restore(struct virtio_device *vdev)
> +{
> + return virtio_i2c_setup_vqs(vdev->priv);
> +}
> +
> +static struct virtio_driver virtio_i2c_driver = {
> + .id_table = id_table,
> + .probe = virtio_i2c_probe,
> + .remove = virtio_i2c_remove,
> + .driver = {
> + .name = "i2c_virtio",
> + },
> +#ifdef CONFIG_PM_SLEEP
> + .freeze = virtio_i2c_freeze,
> + .restore = virtio_i2c_restore,
> +#endif
> +};
> +module_virtio_driver(virtio_i2c_driver);
> +
> +MODULE_DESCRIPTION("Virtio i2c bus driver");
> +MODULE_LICENSE("GPL");
> diff --git a/include/uapi/linux/virtio_ids.h b/include/uapi/linux/virtio_ids.h
> index b052355..398ef2d 100644
> --- a/include/uapi/linux/virtio_ids.h
> +++ b/include/uapi/linux/virtio_ids.h
> @@ -48,5 +48,6 @@
> #define VIRTIO_ID_FS 26 /* virtio filesystem */
> #define VIRTIO_ID_PMEM 27 /* virtio pmem */
> #define VIRTIO_ID_MAC80211_HWSIM 29 /* virtio mac80211-hwsim */
> +#define VIRTIO_ID_I2C_ADPTER 34 /* virtio i2c adpter */
>
> #endif /* _LINUX_VIRTIO_IDS_H */
On 2020/9/14 10:46, Jason Wang wrote:
>
>> +
>> +#define VIRTIO_I2C_MSG_OK 0
>> +#define VIRTIO_I2C_MSG_ERR 1
>> +
>> +/**
>> + * struct virtio_i2c_hdr - the virtio I2C message header structure
>> + * @addr: i2c_msg addr, the slave address
>> + * @flags: i2c_msg flags
>> + * @len: i2c_msg len
>> + */
>> +struct virtio_i2c_hdr {
>> + __le16 addr;
>> + __le16 flags;
>> + __le16 len;
>> +};
>
>
> As said in v1, this should belong to uapi.
>
That's right. I missed this.
I will move these things to uapi. Thanks.
>
>> +
>> +/**
>> + * struct virtio_i2c_msg - the virtio I2C message structure
>> + * @hdr: the virtio I2C message header
>> + * @buf: virtio I2C message data buffer
>> + * @status: the processing result from the backend
>> + */
>> +struct virtio_i2c_msg {
>> + struct virtio_i2c_hdr hdr;
>> + u8 *buf;
>> + u8 status;
>> +};
>
>
> I'm not quite sure this is the best layout.
>
> E.g virtio scsi differ in buffer out of out one:
>
> structvirtio_scsi_req_cmd{
> ...
> u8 dataout[];
> ...
> u8 datain[];
>
> }
>
> And I would like to have a look at the spec patch.
>
> Thanks
>
Sure. I will send the v3 along with the spec patch.
Thanks.
Hi Jie,
url: https://github.com/0day-ci/linux/commits/Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
base: https://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux.git i2c/for-next
config: parisc-randconfig-m031-20200913 (attached as .config)
compiler: hppa-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
smatch warnings:
drivers/i2c/busses/i2c-virtio.c:160 virtio_i2c_xfer() error: we previously assumed 'vmsg' could be null (see line 137)
# https://github.com/0day-ci/linux/commit/0a54ec771966748fcbc86256b830b5f786168b7d
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
git checkout 0a54ec771966748fcbc86256b830b5f786168b7d
vim +/vmsg +160 drivers/i2c/busses/i2c-virtio.c
0a54ec77196674 Jie Deng 2020-09-11 109 static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
0a54ec77196674 Jie Deng 2020-09-11 110 {
0a54ec77196674 Jie Deng 2020-09-11 111 struct virtio_i2c *vi = i2c_get_adapdata(adap);
0a54ec77196674 Jie Deng 2020-09-11 112 struct virtqueue *vq = vi->vq;
0a54ec77196674 Jie Deng 2020-09-11 113 struct virtio_i2c_msg *vmsg;
0a54ec77196674 Jie Deng 2020-09-11 114 unsigned long time_left;
0a54ec77196674 Jie Deng 2020-09-11 115 int len, i, ret = 0;
0a54ec77196674 Jie Deng 2020-09-11 116
0a54ec77196674 Jie Deng 2020-09-11 117 mutex_lock(&vi->i2c_lock);
0a54ec77196674 Jie Deng 2020-09-11 118 vmsg = &vi->vmsg;
0a54ec77196674 Jie Deng 2020-09-11 119 vmsg->buf = NULL;
0a54ec77196674 Jie Deng 2020-09-11 120
0a54ec77196674 Jie Deng 2020-09-11 121 for (i = 0; i < num; i++) {
0a54ec77196674 Jie Deng 2020-09-11 122 ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
0a54ec77196674 Jie Deng 2020-09-11 123 if (ret) {
0a54ec77196674 Jie Deng 2020-09-11 124 dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
0a54ec77196674 Jie Deng 2020-09-11 125 break;
0a54ec77196674 Jie Deng 2020-09-11 126 }
0a54ec77196674 Jie Deng 2020-09-11 127
0a54ec77196674 Jie Deng 2020-09-11 128 virtqueue_kick(vq);
0a54ec77196674 Jie Deng 2020-09-11 129
0a54ec77196674 Jie Deng 2020-09-11 130 time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
0a54ec77196674 Jie Deng 2020-09-11 131 if (!time_left) {
0a54ec77196674 Jie Deng 2020-09-11 132 dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
0a54ec77196674 Jie Deng 2020-09-11 133 break;
0a54ec77196674 Jie Deng 2020-09-11 134 }
0a54ec77196674 Jie Deng 2020-09-11 135
0a54ec77196674 Jie Deng 2020-09-11 136 vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
0a54ec77196674 Jie Deng 2020-09-11 @137 if (vmsg) {
^^^^
Check for NULL.
0a54ec77196674 Jie Deng 2020-09-11 138 /* vmsg should point to the same address with &vi->vmsg */
0a54ec77196674 Jie Deng 2020-09-11 139 if (vmsg != &vi->vmsg) {
0a54ec77196674 Jie Deng 2020-09-11 140 dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
0a54ec77196674 Jie Deng 2020-09-11 141 i, le16_to_cpu(vmsg->hdr.addr));
0a54ec77196674 Jie Deng 2020-09-11 142 break;
0a54ec77196674 Jie Deng 2020-09-11 143 }
0a54ec77196674 Jie Deng 2020-09-11 144 if (vmsg->status != VIRTIO_I2C_MSG_OK) {
0a54ec77196674 Jie Deng 2020-09-11 145 dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
0a54ec77196674 Jie Deng 2020-09-11 146 i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
0a54ec77196674 Jie Deng 2020-09-11 147 break;
0a54ec77196674 Jie Deng 2020-09-11 148 }
0a54ec77196674 Jie Deng 2020-09-11 149 if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
0a54ec77196674 Jie Deng 2020-09-11 150 memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
0a54ec77196674 Jie Deng 2020-09-11 151
0a54ec77196674 Jie Deng 2020-09-11 152 kfree(vmsg->buf);
0a54ec77196674 Jie Deng 2020-09-11 153 vmsg->buf = NULL;
0a54ec77196674 Jie Deng 2020-09-11 154 }
0a54ec77196674 Jie Deng 2020-09-11 155
0a54ec77196674 Jie Deng 2020-09-11 156 reinit_completion(&vi->completion);
0a54ec77196674 Jie Deng 2020-09-11 157 }
0a54ec77196674 Jie Deng 2020-09-11 158
0a54ec77196674 Jie Deng 2020-09-11 159 mutex_unlock(&vi->i2c_lock);
0a54ec77196674 Jie Deng 2020-09-11 @160 kfree(vmsg->buf);
^^^^^^^^^
Unchecked dereference.
0a54ec77196674 Jie Deng 2020-09-11 161 return ((ret < 0) ? ret : i);
0a54ec77196674 Jie Deng 2020-09-11 162 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
On Mon, Sep 14, 2020 at 06:24:55PM +0300, Andy Shevchenko wrote:
> On Mon, Sep 14, 2020 at 05:48:07PM +0300, Dan Carpenter wrote:
> > Hi Jie,
> >
> > url: https://github.com/0day-ci/linux/commits/Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > base: https://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux.git i2c/for-next
> > config: parisc-randconfig-m031-20200913 (attached as .config)
> > compiler: hppa-linux-gcc (GCC) 9.3.0
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <[email protected]>
> > Reported-by: Dan Carpenter <[email protected]>
> >
> > smatch warnings:
> > drivers/i2c/busses/i2c-virtio.c:160 virtio_i2c_xfer() error: we previously assumed 'vmsg' could be null (see line 137)
> >
>
> It's quite possible a false positive. Look at 122. But I agree that for-loop is
> not the best for such things to understand. Perhaps switching to do {} while ()
> will make it better.
>
Smatch is assuming that virtqueue_get_buf() can return NULL on the last
iteration through the loop.
regards,
dan carpenter
> > # https://github.com/0day-ci/linux/commit/0a54ec771966748fcbc86256b830b5f786168b7d
> > git remote add linux-review https://github.com/0day-ci/linux
> > git fetch --no-tags linux-review Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > git checkout 0a54ec771966748fcbc86256b830b5f786168b7d
> > vim +/vmsg +160 drivers/i2c/busses/i2c-virtio.c
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 109 static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> > 0a54ec77196674 Jie Deng 2020-09-11 110 {
> > 0a54ec77196674 Jie Deng 2020-09-11 111 struct virtio_i2c *vi = i2c_get_adapdata(adap);
> > 0a54ec77196674 Jie Deng 2020-09-11 112 struct virtqueue *vq = vi->vq;
> > 0a54ec77196674 Jie Deng 2020-09-11 113 struct virtio_i2c_msg *vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 114 unsigned long time_left;
> > 0a54ec77196674 Jie Deng 2020-09-11 115 int len, i, ret = 0;
> > 0a54ec77196674 Jie Deng 2020-09-11 116
> > 0a54ec77196674 Jie Deng 2020-09-11 117 mutex_lock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 118 vmsg = &vi->vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 119 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 120
> > 0a54ec77196674 Jie Deng 2020-09-11 121 for (i = 0; i < num; i++) {
> > 0a54ec77196674 Jie Deng 2020-09-11 122 ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
> > 0a54ec77196674 Jie Deng 2020-09-11 123 if (ret) {
> > 0a54ec77196674 Jie Deng 2020-09-11 124 dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
> > 0a54ec77196674 Jie Deng 2020-09-11 125 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 126 }
> > 0a54ec77196674 Jie Deng 2020-09-11 127
> > 0a54ec77196674 Jie Deng 2020-09-11 128 virtqueue_kick(vq);
> > 0a54ec77196674 Jie Deng 2020-09-11 129
> > 0a54ec77196674 Jie Deng 2020-09-11 130 time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
> > 0a54ec77196674 Jie Deng 2020-09-11 131 if (!time_left) {
> > 0a54ec77196674 Jie Deng 2020-09-11 132 dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
> > 0a54ec77196674 Jie Deng 2020-09-11 133 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 134 }
> > 0a54ec77196674 Jie Deng 2020-09-11 135
> > 0a54ec77196674 Jie Deng 2020-09-11 136 vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
> > 0a54ec77196674 Jie Deng 2020-09-11 @137 if (vmsg) {
> > ^^^^
> > Check for NULL.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 138 /* vmsg should point to the same address with &vi->vmsg */
> > 0a54ec77196674 Jie Deng 2020-09-11 139 if (vmsg != &vi->vmsg) {
> > 0a54ec77196674 Jie Deng 2020-09-11 140 dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 141 i, le16_to_cpu(vmsg->hdr.addr));
> > 0a54ec77196674 Jie Deng 2020-09-11 142 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 143 }
> > 0a54ec77196674 Jie Deng 2020-09-11 144 if (vmsg->status != VIRTIO_I2C_MSG_OK) {
> > 0a54ec77196674 Jie Deng 2020-09-11 145 dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 146 i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
> > 0a54ec77196674 Jie Deng 2020-09-11 147 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 148 }
> > 0a54ec77196674 Jie Deng 2020-09-11 149 if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
> > 0a54ec77196674 Jie Deng 2020-09-11 150 memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
> > 0a54ec77196674 Jie Deng 2020-09-11 151
> > 0a54ec77196674 Jie Deng 2020-09-11 152 kfree(vmsg->buf);
> > 0a54ec77196674 Jie Deng 2020-09-11 153 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 154 }
> > 0a54ec77196674 Jie Deng 2020-09-11 155
> > 0a54ec77196674 Jie Deng 2020-09-11 156 reinit_completion(&vi->completion);
> > 0a54ec77196674 Jie Deng 2020-09-11 157 }
> > 0a54ec77196674 Jie Deng 2020-09-11 158
> > 0a54ec77196674 Jie Deng 2020-09-11 159 mutex_unlock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 @160 kfree(vmsg->buf);
> > ^^^^^^^^^
> > Unchecked dereference.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 161 return ((ret < 0) ? ret : i);
> > 0a54ec77196674 Jie Deng 2020-09-11 162 }
> >
> > ---
> > 0-DAY CI Kernel Test Service, Intel Corporation
> > https://lists.01.org/hyperkitty/list/[email protected]
>
>
>
> --
> With Best Regards,
> Andy Shevchenko
>
On Mon, Sep 14, 2020 at 06:47:27PM +0300, Dan Carpenter wrote:
> On Mon, Sep 14, 2020 at 06:24:55PM +0300, Andy Shevchenko wrote:
> > On Mon, Sep 14, 2020 at 05:48:07PM +0300, Dan Carpenter wrote:
> > > Hi Jie,
> > >
> > > url: https://github.com/0day-ci/linux/commits/Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > > base: https://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux.git i2c/for-next
> > > config: parisc-randconfig-m031-20200913 (attached as .config)
> > > compiler: hppa-linux-gcc (GCC) 9.3.0
> > >
> > > If you fix the issue, kindly add following tag as appropriate
> > > Reported-by: kernel test robot <[email protected]>
> > > Reported-by: Dan Carpenter <[email protected]>
> > >
> > > smatch warnings:
> > > drivers/i2c/busses/i2c-virtio.c:160 virtio_i2c_xfer() error: we previously assumed 'vmsg' could be null (see line 137)
> > >
> >
> > It's quite possible a false positive. Look at 122. But I agree that for-loop is
> > not the best for such things to understand. Perhaps switching to do {} while ()
> > will make it better.
> >
>
> Smatch is assuming that virtqueue_get_buf() can return NULL on the last
> iteration through the loop.
I see now. Thanks.
> > > # https://github.com/0day-ci/linux/commit/0a54ec771966748fcbc86256b830b5f786168b7d
> > > git remote add linux-review https://github.com/0day-ci/linux
> > > git fetch --no-tags linux-review Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > > git checkout 0a54ec771966748fcbc86256b830b5f786168b7d
> > > vim +/vmsg +160 drivers/i2c/busses/i2c-virtio.c
> > >
> > > 0a54ec77196674 Jie Deng 2020-09-11 109 static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> > > 0a54ec77196674 Jie Deng 2020-09-11 110 {
> > > 0a54ec77196674 Jie Deng 2020-09-11 111 struct virtio_i2c *vi = i2c_get_adapdata(adap);
> > > 0a54ec77196674 Jie Deng 2020-09-11 112 struct virtqueue *vq = vi->vq;
> > > 0a54ec77196674 Jie Deng 2020-09-11 113 struct virtio_i2c_msg *vmsg;
> > > 0a54ec77196674 Jie Deng 2020-09-11 114 unsigned long time_left;
> > > 0a54ec77196674 Jie Deng 2020-09-11 115 int len, i, ret = 0;
> > > 0a54ec77196674 Jie Deng 2020-09-11 116
> > > 0a54ec77196674 Jie Deng 2020-09-11 117 mutex_lock(&vi->i2c_lock);
> > > 0a54ec77196674 Jie Deng 2020-09-11 118 vmsg = &vi->vmsg;
> > > 0a54ec77196674 Jie Deng 2020-09-11 119 vmsg->buf = NULL;
> > > 0a54ec77196674 Jie Deng 2020-09-11 120
> > > 0a54ec77196674 Jie Deng 2020-09-11 121 for (i = 0; i < num; i++) {
> > > 0a54ec77196674 Jie Deng 2020-09-11 122 ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
> > > 0a54ec77196674 Jie Deng 2020-09-11 123 if (ret) {
> > > 0a54ec77196674 Jie Deng 2020-09-11 124 dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
> > > 0a54ec77196674 Jie Deng 2020-09-11 125 break;
> > > 0a54ec77196674 Jie Deng 2020-09-11 126 }
> > > 0a54ec77196674 Jie Deng 2020-09-11 127
> > > 0a54ec77196674 Jie Deng 2020-09-11 128 virtqueue_kick(vq);
> > > 0a54ec77196674 Jie Deng 2020-09-11 129
> > > 0a54ec77196674 Jie Deng 2020-09-11 130 time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
> > > 0a54ec77196674 Jie Deng 2020-09-11 131 if (!time_left) {
> > > 0a54ec77196674 Jie Deng 2020-09-11 132 dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
> > > 0a54ec77196674 Jie Deng 2020-09-11 133 break;
> > > 0a54ec77196674 Jie Deng 2020-09-11 134 }
> > > 0a54ec77196674 Jie Deng 2020-09-11 135
> > > 0a54ec77196674 Jie Deng 2020-09-11 136 vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
> > > 0a54ec77196674 Jie Deng 2020-09-11 @137 if (vmsg) {
> > > ^^^^
> > > Check for NULL.
> > >
> > > 0a54ec77196674 Jie Deng 2020-09-11 138 /* vmsg should point to the same address with &vi->vmsg */
> > > 0a54ec77196674 Jie Deng 2020-09-11 139 if (vmsg != &vi->vmsg) {
> > > 0a54ec77196674 Jie Deng 2020-09-11 140 dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
> > > 0a54ec77196674 Jie Deng 2020-09-11 141 i, le16_to_cpu(vmsg->hdr.addr));
> > > 0a54ec77196674 Jie Deng 2020-09-11 142 break;
> > > 0a54ec77196674 Jie Deng 2020-09-11 143 }
> > > 0a54ec77196674 Jie Deng 2020-09-11 144 if (vmsg->status != VIRTIO_I2C_MSG_OK) {
> > > 0a54ec77196674 Jie Deng 2020-09-11 145 dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
> > > 0a54ec77196674 Jie Deng 2020-09-11 146 i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
> > > 0a54ec77196674 Jie Deng 2020-09-11 147 break;
> > > 0a54ec77196674 Jie Deng 2020-09-11 148 }
> > > 0a54ec77196674 Jie Deng 2020-09-11 149 if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
> > > 0a54ec77196674 Jie Deng 2020-09-11 150 memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
> > > 0a54ec77196674 Jie Deng 2020-09-11 151
> > > 0a54ec77196674 Jie Deng 2020-09-11 152 kfree(vmsg->buf);
> > > 0a54ec77196674 Jie Deng 2020-09-11 153 vmsg->buf = NULL;
> > > 0a54ec77196674 Jie Deng 2020-09-11 154 }
> > > 0a54ec77196674 Jie Deng 2020-09-11 155
> > > 0a54ec77196674 Jie Deng 2020-09-11 156 reinit_completion(&vi->completion);
> > > 0a54ec77196674 Jie Deng 2020-09-11 157 }
> > > 0a54ec77196674 Jie Deng 2020-09-11 158
> > > 0a54ec77196674 Jie Deng 2020-09-11 159 mutex_unlock(&vi->i2c_lock);
> > > 0a54ec77196674 Jie Deng 2020-09-11 @160 kfree(vmsg->buf);
> > > ^^^^^^^^^
> > > Unchecked dereference.
> > >
> > > 0a54ec77196674 Jie Deng 2020-09-11 161 return ((ret < 0) ? ret : i);
> > > 0a54ec77196674 Jie Deng 2020-09-11 162 }
> > >
> > > ---
> > > 0-DAY CI Kernel Test Service, Intel Corporation
> > > https://lists.01.org/hyperkitty/list/[email protected]
> >
> >
> >
> > --
> > With Best Regards,
> > Andy Shevchenko
> >
--
With Best Regards,
Andy Shevchenko