Re: [PATCH v2] i2c: bcm2835: Clear current buffer pointers and counts after a transfer

From: Wolfram Sang
Date: Fri Feb 15 2019 - 03:47:37 EST


On Thu, Dec 27, 2018 at 04:42:25PM +0100, Paul Kocialkowski wrote:
> The driver's interrupt handler checks whether a message is currently
> being handled with the curr_msg pointer. When it is NULL, the interrupt
> is considered to be unexpected. Similarly, the i2c_start_transfer
> routine checks for the remaining number of messages to handle in
> num_msgs.
>
> However, these values are never cleared and always keep the message and
> number relevant to the latest transfer (which might be done already and
> the underlying message memory might have been freed).
>
> When an unexpected interrupt hits with the DONE bit set, the isr will
> then try to access the flags field of the curr_msg structure, leading
> to a fatal page fault.
>
> The msg_buf and msg_buf_remaining fields are also never cleared at the
> end of the transfer, which can lead to similar pitfalls.
>
> Fix these issues by introducing a cleanup function and always calling
> it after a transfer is finished.
>
> Fixes: e2474541032d ("i2c: bcm2835: Fix hang for writing messages larger than 16 bytes")
> Signed-off-by: Paul Kocialkowski <paul.kocialkowski@xxxxxxxxxxx>

Applied to for-current, thanks!

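The failure mode the commit message describes, as an added user-space model that is not code from the bcm2835 driver or from the patch: a transfer finishes, the caller frees its i2c_msg, and a later DONE interrupt arrives. Without clearing curr_msg the ISR's NULL check passes and it reads flags from freed memory; with the cleanup step the same interrupt is classified as unexpected and ignored. Field names mirror the driver's, but the status bit value, the poison-based "freed" detection and the helper routines are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the I2C state machine in the commit message.
 * Bit values and helpers are assumptions, not the driver's definitions. */
#define S_DONE      (1u << 1)   /* assumed position of the DONE status bit */
#define I2C_M_RD    0x0001u     /* i2c_msg flag: this message is a read */
#define POISON_FREE 0x6b        /* byte Linux writes over freed slab objects */

struct i2c_msg {
    uint16_t addr;
    uint16_t flags;
    uint16_t len;
    uint8_t *buf;
};

struct i2c_dev {
    struct i2c_msg *curr_msg;   /* message on the bus, NULL when idle */
    int num_msgs;               /* messages still to be started */
    uint8_t *msg_buf;           /* cursor into curr_msg->buf */
    size_t msg_buf_remaining;
};

enum isr_result {
    ISR_UNEXPECTED,   /* curr_msg == NULL: interrupt logged and ignored */
    ISR_COMPLETED,    /* DONE for a live message */
    ISR_STALE_DEREF,  /* curr_msg points at freed memory: the crash the patch fixes */
};

/* Stand-in for the slab freeing the caller's message array. */
static void free_msg(struct i2c_msg *msg)
{
    memset(msg, POISON_FREE, sizeof *msg);
}

/* Instrumentation only: real freed memory would not announce itself. */
static bool is_freed(const struct i2c_msg *msg)
{
    uint8_t raw[sizeof *msg];
    memcpy(raw, msg, sizeof raw);
    for (size_t i = 0; i < sizeof raw; i++)
        if (raw[i] != POISON_FREE)
            return false;
    return true;
}

static void start_transfer(struct i2c_dev *dev, struct i2c_msg *msgs, int n)
{
    dev->curr_msg = msgs;
    dev->num_msgs = n;
    dev->msg_buf = msgs->buf;
    dev->msg_buf_remaining = msgs->len;
}

/* The fix: forget everything about the finished transfer. */
static void cleanup(struct i2c_dev *dev)
{
    dev->curr_msg = NULL;
    dev->num_msgs = 0;
    dev->msg_buf = NULL;
    dev->msg_buf_remaining = 0;
}

static enum isr_result isr(struct i2c_dev *dev, uint32_t status)
{
    if (!(status & S_DONE))
        return ISR_UNEXPECTED;
    /* The driver's existing guard: only a NULL curr_msg counts as unexpected. */
    if (!dev->curr_msg)
        return ISR_UNEXPECTED;
    /* The driver reads curr_msg->flags here; with a stale pointer that read
     * is a use-after-free, modelled by the poison check. */
    if (is_freed(dev->curr_msg))
        return ISR_STALE_DEREF;
    if (dev->curr_msg->flags & I2C_M_RD)
        dev->msg_buf_remaining = 0;     /* stands in for draining the RX FIFO */
    dev->num_msgs--;
    return ISR_COMPLETED;
}

/* One complete transfer, then a spurious DONE interrupt after the caller
 * freed its message. Returns how the ISR handles the spurious interrupt. */
static enum isr_result run_scenario(bool with_cleanup)
{
    uint8_t payload[3] = { 0x01, 0x02, 0x03 };   /* constructed sample data */
    struct i2c_msg msg = { .addr = 0x50, .flags = I2C_M_RD, .len = 3, .buf = payload };
    struct i2c_dev dev = { 0 };

    start_transfer(&dev, &msg, 1);
    (void)isr(&dev, S_DONE);            /* normal completion interrupt */
    if (with_cleanup)
        cleanup(&dev);                  /* what the patch adds after each transfer */
    free_msg(&msg);                     /* caller is done with its i2c_msg */
    return isr(&dev, S_DONE);           /* e.g. a late interrupt from firmware */
}

int main(void)
{
    printf("without cleanup: %d (2 = stale dereference)\n", run_scenario(false));
    printf("with cleanup:    %d (0 = unexpected, ignored)\n", run_scenario(true));
    return 0;
}
```

The NULL check alone is only a guard if something actually resets curr_msg to NULL; the model makes that dependency visible by running the same interrupt against both states of the device structure.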