Re: [PATCH v10] i2c: virtio: add a virtio i2c frontend driver

From: Viresh Kumar
Date: Tue Mar 23 2021 - 05:02:14 EST

Next message: Jesper Dangaard Brouer: "Re: [PATCH net-next] page_pool: let the compiler optimize and inline core functions"
Previous message: Oleg Nesterov: "Re: [PATCH V3] exit: trigger panic when global init has exited"
In reply to: Arnd Bergmann: "Re: [PATCH v10] i2c: virtio: add a virtio i2c frontend driver"
Next in thread: Viresh Kumar: "Re: [PATCH v10] i2c: virtio: add a virtio i2c frontend driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 23-03-21, 22:19, Jie Deng wrote:
> +static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> +{
> + struct virtio_i2c *vi = i2c_get_adapdata(adap);
> + struct virtqueue *vq = vi->vq;
> + struct virtio_i2c_req *reqs;
> + unsigned long time_left;
> + int ret, nr;
> +
> + reqs = kcalloc(num, sizeof(*reqs), GFP_KERNEL);
> + if (!reqs)
> + return -ENOMEM;
> +
> + mutex_lock(&vi->lock);
> +
> + ret = virtio_i2c_send_reqs(vq, reqs, msgs, num);
> + if (ret == 0)
> + goto err_unlock_free;
> +
> + nr = ret;
> + reinit_completion(&vi->completion);

I think I may have found a possible bug here. This reinit_completion() must
happen before we call virtio_i2c_send_reqs(). It is certainly possible (surely
in corner cases) that virtio_i2c_msg_done() may get called right after
virtio_i2c_send_reqs() and before we were able to call reinit_completion(). And
in that case we will never see the completion happen at all.

> + virtqueue_kick(vq);

--
viresh

Next message: Jesper Dangaard Brouer: "Re: [PATCH net-next] page_pool: let the compiler optimize and inline core functions"
Previous message: Oleg Nesterov: "Re: [PATCH V3] exit: trigger panic when global init has exited"
In reply to: Arnd Bergmann: "Re: [PATCH v10] i2c: virtio: add a virtio i2c frontend driver"
Next in thread: Viresh Kumar: "Re: [PATCH v10] i2c: virtio: add a virtio i2c frontend driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]