diff mbox series

i2c: fix crash with msgs is NULL points

Message ID 20230510084057.17313-1-wangyouwan@126.com
State New
Headers show
Series i2c: fix crash with msgs is NULL points | expand

Commit Message

wangyouwan@126.com May 10, 2023, 8:40 a.m. UTC 
From: youwan Wang <wangyouwan@126.com>

There is some probability that msgs is empty

Signed-off-by: youwan Wang <wangyouwan@126.com>
---
 drivers/i2c/busses/i2c-designware-master.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Mika Westerberg May 10, 2023, 9:02 a.m. UTC | #1 
On Wed, May 10, 2023 at 04:40:57PM +0800, wangyouwan@126.com wrote:
> From: youwan Wang <wangyouwan@126.com>
> 
> There is some probability that msgs is empty

What probabability 0/100? ;-) Can you point a real case when this can
happen?
Mika Westerberg May 10, 2023, 9:23 a.m. UTC | #2 
On Wed, May 10, 2023 at 05:17:04PM +0800, wangyouwan wrote:
> After waking up from sleep, 100% of the time it occurred. I suspected
> that there was a firmware issue with the machine I was debugging, but
> other machines did not notice it. Therefore, I attempted to make a
> modification here to avoid it

Okay then I suggest to investigate what causes the ->msgs to be NULL and
fix that. When the transfer function is called we expect there to be
something to be sent out so this should not happen.
Jarkko Nikula May 11, 2023, 7:01 a.m. UTC | #3 
Hi

On 5/10/23 12:23, Mika Westerberg wrote:
> 
> On Wed, May 10, 2023 at 05:17:04PM +0800, wangyouwan wrote:
>> After waking up from sleep, 100% of the time it occurred. I suspected
>> that there was a firmware issue with the machine I was debugging, but
>> other machines did not notice it. Therefore, I attempted to make a
>> modification here to avoid it
> 
> Okay then I suggest to investigate what causes the ->msgs to be NULL and
> fix that. When the transfer function is called we expect there to be
> something to be sent out so this should not happen.

Does you kernel include commit 301c8f5c32c8 ("i2c: designware: Fix 
handling of real but unexpected device interrupts")? Vanilla kernels 
after v6.1 have it and also linux-stable v5.15.75 and after.

I'm asking since issue sounds similar and wanted to clarify the kernel 
version you are using.
diff mbox series

Patch

diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c
index 55ea91a63382..e11a73fd0a41 100644
--- a/drivers/i2c/busses/i2c-designware-master.c
+++ b/drivers/i2c/busses/i2c-designware-master.c
@@ -366,12 +366,17 @@  i2c_dw_xfer_msg(struct dw_i2c_dev *dev)
 	struct i2c_msg *msgs = dev->msgs;
 	u32 intr_mask;
 	int tx_limit, rx_limit;
-	u32 addr = msgs[dev->msg_write_idx].addr;
+	u32 addr;
 	u32 buf_len = dev->tx_buf_len;
 	u8 *buf = dev->tx_buf;
 	bool need_restart = false;
 	unsigned int flr;
 
+	if (WARN_ON(!msgs))
+		return;
+
+	addr = msgs[dev->msg_write_idx].addr;
+
 	intr_mask = DW_IC_INTR_MASTER_MASK;
 
 	for (; dev->msg_write_idx < dev->msgs_num; dev->msg_write_idx++) {