From: Paul Kocialkowski
To: bcm-kernel-feedback-list@broadcom.com, linux-i2c@vger.kernel.org, linux-rpi-kernel@lists.infradead.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Florian Fainelli , Ray Jui , Scott Branden , Eric Anholt , Stefan Wahren , Paul Kocialkowski
Subject: [PATCH] i2c: bcm2835: Clear current message and count after a transaction
Date: Fri, 21 Dec 2018 13:11:35 +0100
Message-Id: <20181221121135.4847-1-paul.kocialkowski@bootlin.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

The driver's interrupt handler checks whether a message is currently being handled with the curr_msg pointer. When it is NULL, the interrupt is considered to be unexpected. Similarly, the i2c_start_transfer routine checks for the remaining number of messages to handle in num_msgs.

However, these values are never cleared and always keep the message and number relevant to the latest transfer (which might be done already and the underlying message memory might have been freed).

When an unexpected interrupt hits with the DONE bit set, the isr will then try to access the flags field of the curr_msg structure, leading to a fatal page fault.

Fix the issue by systematically clearing curr_msg and num_msgs in the driver-wide device structure when a transfer is considered complete.

Signed-off-by: Paul Kocialkowski
--- drivers/i2c/busses/i2c-bcm2835.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/i2c/busses/i2c-bcm2835.c b/drivers/i2c/busses/i2c-bcm2835.c index 44deae78913e..5486252f5f2f 100644 --- a/drivers/i2c/busses/i2c-bcm2835.c +++ b/drivers/i2c/busses/i2c-bcm2835.c @@ -298,6 +298,9 @@ static int bcm2835_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msgs[], return -ETIMEDOUT; } + i2c_dev->curr_msg = NULL; + i2c_dev->num_msgs = 0; + if (!i2c_dev->msg_err) return num; -- 2.20.1
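
Review bot: the two clears in bcm2835_i2c_xfer() sit after the timeout block, so the `return -ETIMEDOUT;` path shown in the context lines exits with `curr_msg` and `num_msgs` still describing the abandoned transfer. A timed-out transfer is a case where an interrupt with DONE set can still arrive later, which is the situation the commit message describes. Suggest resetting both fields before that return as well, or moving the reset into a small helper called on every exit path. It would also help to state in the commit message whether the interrupt is masked or the controller idle at this point, since the hunk stores to fields the ISR reads and shows no locking around the stores.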
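
The stale-pointer condition from the commit message, as an added user-space model that is not part of the original mail or the driver source. `struct dev`, `isr()`, `finish()` and `late_irq_after_xfer()` are hypothetical names; the ISR is reduced to its NULL check on `curr_msg`, and the model reports what the ISR would do instead of dereferencing anything.

```c
/* Constructed user-space model; not the i2c-bcm2835 driver source. */
#include <stddef.h>
#include <stdio.h>

struct msg { unsigned flags; };            /* stand-in for struct i2c_msg */
struct dev { struct msg *curr_msg; int num_msgs; };

enum irq_result { IRQ_UNEXPECTED, IRQ_TOUCHES_MSG };

/* Entry check described in the commit message: a NULL curr_msg marks the
 * interrupt as unexpected; any other value leads to a read of its flags. */
static enum irq_result isr(const struct dev *d)
{
    return d->curr_msg ? IRQ_TOUCHES_MSG : IRQ_UNEXPECTED;
}

/* The reset the patch adds. */
static void finish(struct dev *d)
{
    d->curr_msg = NULL;
    d->num_msgs = 0;
}

/* Runs one modelled transfer, then delivers a late interrupt.
 * timed_out selects the early-return path; clear_ok / clear_timeout say
 * which exit paths reset the device state before returning. */
static enum irq_result late_irq_after_xfer(int timed_out, int clear_ok,
                                           int clear_timeout)
{
    static struct msg m;   /* caller-owned; in the driver it may be freed */
    struct dev d = { &m, 1 };              /* transfer started */

    if (timed_out ? clear_timeout : clear_ok)
        finish(&d);
    return isr(&d);        /* interrupt arriving after the transfer returned */
}

int main(void)
{
    static const char *name[] = { "unexpected, ignored", "touches stale curr_msg" };
    printf("no clearing, success path:      %s\n", name[late_irq_after_xfer(0, 0, 0)]);
    printf("clear on success only, success: %s\n", name[late_irq_after_xfer(0, 1, 0)]);
    printf("clear on success only, timeout: %s\n", name[late_irq_after_xfer(1, 1, 0)]);
    printf("clear on every exit, timeout:   %s\n", name[late_irq_after_xfer(1, 1, 1)]);
    return 0;
}
```

The third case corresponds to the hunk as posted, where the reset follows the `return -ETIMEDOUT;` block.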