On Wed, May 20, 2020 at 04:11:18PM -0700, Harry Cutts wrote: > On Wed, 20 May 2020 at 15:27, Matthew Blecker <matthewb@xxxxxxxxxxxx> wrote: > > > > From: Matthew Blecker <matthewb@xxxxxxxxxxxx> > > > > The i2c-pseudo module provides I2C adapters backed by userspace programs. > > This allows for userspace implementations of functionality such as > > tunneling I2C through another communication channel, or mocking of real I2C > > devices whose behavior cannot be modeled with i2c-stub. > > > > Signed-off-by: Matthew Blecker <matthewb@xxxxxxxxxxxx> > > > > --- > > > > Module naming: A pseudo I2C adapter is analogous to a pseudo terminal. > > > > In the Chromium OS ecosystem we are using this for a userspace I2C adapter > > built on top of an existing userspace I2C-over-USB implementation used with > > embedded debug devices that act as I2C master to a device under test (DUT). > > This arrangement is used for interacting with I2C slaves on the DUT, > > particularly for transferring firmware to an embedded controller IC which > > receives programming via I2C. > > > > That I2C pseudo controller implementation is here: > > https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/refs/heads/master/servo/interface/i2c_pseudo.py > > I've also been using this for Chromium OS work, in this case to > present an I2C master on an MCU running our Embedded Controller system > to userspace programs transparently. (See https://crrev.com/c/2008568 > for the code, a C implementation this time.) > > > > > --- > > > > Changelog v3: > > - Replace nonseekable_open() with stream_open(). > > > > Changelog v2: > > - Fix ARCH=um compilation error from non-const strlen("literal"). > > > > --- > > > > .../i2c/pseudo-controller-interface.rst | 305 ++ > > drivers/i2c/Kconfig | 17 +- > > drivers/i2c/Makefile | 1 + > > drivers/i2c/i2c-pseudo.c | 3202 +++++++++++++++++ > > 4 files changed, 3524 insertions(+), 1 deletion(-) > > create mode 100644 Documentation/i2c/pseudo-controller-interface.rst > > create mode 100644 drivers/i2c/i2c-pseudo.c > > > > diff --git a/Documentation/i2c/pseudo-controller-interface.rst b/Documentation/i2c/pseudo-controller-interface.rst > > new file mode 100644 > > index 000000000000..444f6cb2710c > > --- /dev/null > > +++ b/Documentation/i2c/pseudo-controller-interface.rst > > @@ -0,0 +1,305 @@ > > +================= > > +i2c-pseudo driver > > +================= > > + > > +Usually I2C adapters are implemented in a kernel driver. It is also possible to > > +implement an adapter in userspace, through the /dev/i2c-pseudo-controller > > +interface. Load module i2c-pseudo for this. > > + > > +Use cases for this module include: > > + > > +- Using local I2C device drivers, particularly i2c-dev, with I2C busses on > > + remote systems. For example, interacting with a Device Under Test (DUT) > > + connected to a Linux host through a debug interface, or interacting with a > > + remote host over a network. > > + > > +- Implementing I2C device driver tests that are impractical with the i2c-stub > > + module. For example, when simulating an I2C device where its driver might > > + issue a sequence of reads and writes without interruption, and the value at a > > + certain address must change during the sequence. > > + > > +This is not intended to replace kernel drivers for actual I2C busses on the > > +local host machine. > > + > > + > > +Details > > +======= > > + > > +Each time /dev/i2c-pseudo-controller is opened, and the correct initialization > > +command is written to it (ADAPTER_START), a new I2C adapter is created. The > > +adapter will live until its file descriptor is closed. Multiple pseudo adapters > > +can co-exist simultaneously, controlled by the same or different userspace > > +processes. When an I2C device driver sends an I2C message to a pseudo adapter, > > +the message becomes readable from its file descriptor. If a reply is written > > +before the adapter timeout expires, that reply will be sent back to the I2C > > +device driver. > > + > > +Reads and writes are buffered inside i2c-pseudo such that userspace controllers > > +may split them up into arbitrarily small chunks. Multiple commands, or portions > > +of multiple commands, may be read or written together. > > + > > +Blocking I/O is the default. Non-blocking I/O is supported as well, enabled by > > +O_NONBLOCK. Polling is supported, with or without non-blocking I/O. A special > > +command (ADAPTER_SHUTDOWN) is available to unblock any pollers or blocked > > +reads or writes, as a convenience for a multi-threaded or multi-process program > > +that wants to exit. > > + > > +It is safe to access a single controller fd from multiple threads or processes > > +concurrently, though it is up to the controller to ensure proper ordering, and > > +to ensure that writes for different commands do not get interleaved. However, > > +it is recommended (not required) that controller implementations have only one > > +reader thread and one writer thread, which may or may not be the same thread. > > +Avoiding multiple readers and multiple writers greatly simplifies controller > > +implementation, and there is likely no performance benefit to be gained from > > +concurrent reads or concurrent writes due to how i2c-pseudo serializes them > > +internally. After all, on a real I2C bus only one I2C message can be active at > > +a time. > > + > > +Commands are newline-terminated, both those read from the controller device, and > > +those written to it. > > + > > + > > +Read Commands > > +============= > > + > > +The commands that may be read from a pseudo controller device are: > > + > > +---- > > + > > +:Read Command: ``I2C_ADAPTER_NUM <num>`` > > +:Example: ``"I2C_ADAPTER_NUM 5\n"`` > > +:Details: > > + | This is read in response to the GET_ADAPTER_NUM command being written. > > + The number is the I2C adapter number in decimal. This can only occur after > > + ADAPTER_START, because before that the number is not known and cannot be > > + predicted reliably. > > + > > +---- > > + > > +:Read Command: ``I2C_PSEUDO_ID <num>`` > > +:Example: ``"I2C_PSEUDO_ID 98\n"`` > > +:Details: > > + | This is read in response to the GET_PSEUDO_ID command being written. > > + The number is the pseudo ID in decimal. > > + > > +---- > > + > > +:Read Command: ``I2C_BEGIN_XFER`` > > +:Example: ``"I2C_BEGIN_XFER\n"`` > > +:Details: > > + | This indicates the start of an I2C transaction request, in other words > > + the start of the I2C messages from a single invocation of the I2C adapter's > > + master_xfer() callback. This can only occur after ADAPTER_START. > > + > > +---- > > + > > +:Read Command: ``I2C_XFER_REQ <xfer_id> <msg_id> <addr> <flags> <data_len> [<write_byte>[:...]]`` > > +:Example: ``"I2C_XFER_REQ 3 0 0x0070 0x0000 2 AB:9F\n"`` > > +:Example: ``"I2C_XFER_REQ 3 1 0x0070 0x0001 4\n"`` > > +:Details: > > + | This is a single I2C message that a device driver requested be sent on > > + the bus, in other words a single struct i2c_msg from master_xfer() msgs arg. > > + | > > + | The xfer_id is a number representing the whole I2C transaction, thus all > > + I2C_XFER_REQ between a I2C_BEGIN_XFER + I2C_COMMIT_XFER pair share an > > + xfer_id. The purpose is to ensure replies from the userspace controller are > > + always properly matched to the intended master_xfer() request. The first > > + transaction has xfer_id 0, and it increases by 1 with each transaction, > > + however it will eventually wrap back to 0 if enough transactions happen > > + during the lifetime of a pseudo adapter. It is guaranteed to have a large > > + enough maximum value such that there can never be multiple outstanding > > + transactions with the same ID, due to an internal limit in i2c-pseudo that > > + will block master_xfer() calls when the controller is falling behind in its > > + replies. > > + | > > + | The msg_id is a decimal number representing the index of the I2C message > > + within its transaction, in other words the index in master_xfer() \*msgs > > + array arg. This starts at 0 after each I2C_BEGIN_XFER. This is guaranteed > > + to not wrap. > > + | > > + | The addr is the hexadecimal I2C address for this I2C message. > > Might it be worth mentioning that this address is right-aligned (i.e. > no extra bit at the least significant end for read/write), or is that > a given in Kernel documentation? That is worth documenting here, done in v4. > > > + | > > + | The flags are the same bitmask flags used in struct i2c_msg, in hexadecimal > > + form. Of particular importance to any pseudo controller is the read bit, > > + which is guaranteed to be 0x1 per Linux I2C documentation. > > + | > > + | The data_len is the decimal number of either how many bytes to write that > > + will follow, or how many bytes to read and reply with if this is a read > > + request. > > + | > > + | If this is a read, data_len will be the final field in this command. If > > + this is a write, data_len will be followed by the given number of > > + colon-separated hexadecimal byte values, in the format shown in the example > > + above. > > + > > +---- > > + > > +:Read Command: ``I2C_COMMIT_XFER`` > > +:Example: ``"I2C_COMMIT_XFER\n"`` > > +:Details: > > + | This indicates the end of an I2C transacton request, in other words the > > Nit: s/transacton/transaction Fixed in v4. > > Reviewed-by: Harry Cutts <hcutts@xxxxxxxxxxxx> Thank you! > > Harry Cutts > Chrome OS Touch/Input team > > > + end of the I2C messages from a single invocation of the I2C adapter's > > + master_xfer() callback. This should be read exactly once after each > > + I2C_BEGIN_XFER, with a varying number of I2C_XFER_REQ between them. > > + > > + > > +Write Commands > > +============== > > + > > +The commands that may be written to a pseudo controller device are: > > + > > + > > +:Write Command: ``SET_ADAPTER_NAME_SUFFIX <suffix>`` > > +:Example: ``"SET_ADAPTER_NAME_SUFFIX My Adapter\n"`` > > +:Details: > > + | Sets a suffix to append to the auto-generated I2C adapter name. Only > > + valid before ADAPTER_START. A space or other separator character will be > > + placed between the auto-generated name and the suffix, so there is no need > > + to include a leading separator in the suffix. If the resulting name is too > > + long for the I2C adapter name field, it will be quietly truncated. > > + > > +---- > > + > > +:Write Command: ``SET_ADAPTER_TIMEOUT_MS <ms>`` > > +:Example: ``"SET_ADAPTER_TIMEOUT_MS 2000\n"`` > > +:Details: > > + | Sets the timeout in milliseconds for each I2C transaction, in other words > > + for each master_xfer() reply. Only valid before ADAPTER_START. The I2C > > + subsystem will automatically time out transactions based on this setting. > > + Set to 0 to use the I2C subsystem default timeout. The default timeout for > > + new pseudo adapters where this command has not been used is configurable at > > + i2c-pseudo module load time, and itself has a default independent from the > > + I2C subsystem default. (If the i2c-pseudo module level default is set to 0, > > + that has the same meaning as here.) > > + > > +---- > > + > > +:Write Command: ``ADAPTER_START`` > > +:Example: ``"ADAPTER_START\n"`` > > +:Details: > > + | Tells i2c-pseudo to actually create the I2C adapter. Only valid once per > > + open controller fd. > > + > > +---- > > + > > +:Write Command: ``GET_ADAPTER_NUM`` > > +:Example: ``"GET_ADAPTER_NUM\n"`` > > +:Details: > > + | Asks i2c-pseudo for the number assigned to this I2C adapter by the I2C > > + subsystem. Only valid after ADAPTER_START, because before that the number > > + is not known and cannot be predicted reliably. > > + > > +---- > > + > > +:Write Command: ``GET_PSEUDO_ID`` > > +:Example: ``"GET_PSEUDO_ID\n"`` > > +:Details: > > + | Asks i2c-pseudo for the pseudo ID of this I2C adapter. The pseudo ID will > > + not be reused for the lifetime of the i2c-pseudo module, unless an internal > > + counter wraps. I2C clients can use this to track specific instances of > > + pseudo adapters, even when adapter numbers have been reused. > > + > > +---- > > + > > +:Write Command: ``I2C_XFER_REPLY <xfer_id> <msg_id> <addr> <flags> <errno> [<read_byte>[:...]]`` > > +:Example: ``"I2C_XFER_REPLY 3 0 0x0070 0x0000 0\n"`` > > +:Example: ``"I2C_XFER_REPLY 3 1 0x0070 0x0001 0 0B:29:02:D9\n"`` > > +:Details: > > + | This is how a pseudo controller can reply to I2C_XFER_REQ. Only valid > > + after I2C_XFER_REQ. A pseudo controller should write one of these for each > > + I2C_XFER_REQ it reads, including for failures, so that I2C device drivers > > + need not wait for the adapter timeout upon failure (if failure is known > > + sooner). > > + | > > + | The fields in common with I2C_XFER_REQ have their same meanings, and their > > + values are expected to exactly match what was read in the I2C_XFER_REQ > > + command that this is in reply to. > > + | > > + | The errno field is how the pseudo controller indicates success or failure > > + for this I2C message. A 0 value indicates success. A non-zero value > > + indicates a failure. Pseudo controllers are encouraged to use errno values > > + to encode some meaning in a failure response, but that is not a requirement, > > + and the I2C adapter interface does not provide a way to pass per-message > > + errno values to a device driver anyways. > > + | > > + | Pseudo controllers are encouraged to reply in the same order as messages > > + were received, however i2c-pseudo will properly match up out-of-order > > + replies with their original requests. > > + > > +---- > > + > > +:Write Command: ``ADAPTER_SHUTDOWN`` > > +:Example: ``"ADAPTER_SHUTDOWN\n"`` > > +:Details: > > + | This tells i2c-pseudo that the pseudo controller wants to shutdown and > > + intends to close the controller device fd soon. Use of this is OPTIONAL, it > > + is perfectly valid to close the controller device fd without ever using this > > + command. > > + | > > + | This commands unblocks any blocked controller I/O (reads, writes, or polls), > > + and that is its main purpose. > > + | > > + | Any I2C transactions attempted by a device driver after this command will > > + fail, and will not be passed on to the userspace controller. > > + | > > + | This DOES NOT delete the I2C adapter. Only closing the fd will do that. > > + That MAY CHANGE in the future, such that this does delete the I2C adapter. > > + (However this will never be required, it will always be okay to simply close > > + the fd.) > > + > > + > > +Example userspace controller code > > +================================= > > + > > +In C, a simple exchange between i2c-pseudo and userspace might look like the > > +example below. Note that for brevity this lacks any error checking and > > +handling, which a real pseudo controller implementation should have. > > + > > +:: > > + > > + int fd; > > + char buf[1<<12]; > > + > > + fd = open("/dev/i2c-pseudo-controller", O_RDWR); > > + /* Create the I2C adapter. */ > > + dprintf(fd, "ADAPTER_START\n"); > > + > > + /* > > + * Pretend this I2C adapter number is 5, and the first I2C xfer sent to it was > > + * from this command (using its i2c-dev interface): > > + * $ i2cset -y 5 0x70 0xC2 > > + * > > + * Then this read would place the following into *buf: > > + * "I2C_BEGIN_XFER\n" > > + * "I2C_XFER_REQ 0 0 0x0070 0x0000 1 C2\n" > > + * "I2C_COMMIT_XFER\n" > > + */ > > + read(fd, buf, sizeof(buf)); > > + > > + /* This reply would allow the i2cset command above to exit successfully. */ > > + dprintf(fd, "I2C_XFER_REPLY 0 0 0x0070 0x0000 0\n"); > > + > > + /* > > + * Now pretend the next I2C xfer sent to this adapter was from: > > + * $ i2cget -y 5 0x70 0xAB > > + * > > + * Then this read would place the following into *buf: > > + * "I2C_BEGIN_XFER\n" > > + * "I2C_XFER_REQ 1 0 0x0070 0x0000 1 AB\n" > > + * "I2C_XFER_REQ 1 1 0x0070 0x0001 1\n'" > > + * "I2C_COMMIT_XFER\n" > > + */ > > + read(fd, buf, sizeof(buf)); > > + > > + /* > > + * These replies would allow the i2cget command above to print the following to > > + * stdout and exit successfully: > > + * 0x0b > > + * > > + * Note that it is also valid to write these together in one write(). > > + */ > > + dprintf(fd, "I2C_XFER_REPLY 1 0 0x0070 0x0000 0\n"); > > + dprintf(fd, "I2C_XFER_REPLY 1 1 0x0070 0x0001 0 0B\n"); > > + > > + /* Destroy the I2C adapter. */ > > + close(fd); > > diff --git a/drivers/i2c/Kconfig b/drivers/i2c/Kconfig > > index 1474e57ecafc..78a6f909718a 100644 > > --- a/drivers/i2c/Kconfig > > +++ b/drivers/i2c/Kconfig > > @@ -56,7 +56,7 @@ config I2C_CHARDEV > > programs use the I2C bus. Information on how to do this is > > contained in the file <file:Documentation/i2c/dev-interface.rst>. > > > > - This support is also available as a module. If so, the module > > + This support is also available as a module. If so, the module > > will be called i2c-dev. > > > > config I2C_MUX > > @@ -98,6 +98,21 @@ config I2C_SMBUS > > source "drivers/i2c/algos/Kconfig" > > source "drivers/i2c/busses/Kconfig" > > > > +config I2C_PSEUDO > > + tristate "I2C userspace adapter interface" > > + depends on m > > + default 'n' > > + help > > + Say Y here to have an i2c-pseudo-controller device file, usually > > + found in the /dev directory on your system. This makes it > > + possible to have user-space programs implement an I2C bus > > + (I2C adapter in kernel lingo). Information on how to do this is > > + contained in the file <file:Documentation/i2c/i2c-pseudo>. > > + > > + This support is only available as a module, called i2c-pseudo. > > + > > + If you don't know what to do here, definitely say N. > > + > > config I2C_STUB > > tristate "I2C/SMBus Test Stub" > > depends on m > > diff --git a/drivers/i2c/Makefile b/drivers/i2c/Makefile > > index bed6ba63c983..07d7bfea7358 100644 > > --- a/drivers/i2c/Makefile > > +++ b/drivers/i2c/Makefile > > @@ -14,6 +14,7 @@ obj-$(CONFIG_I2C_SMBUS) += i2c-smbus.o > > obj-$(CONFIG_I2C_CHARDEV) += i2c-dev.o > > obj-$(CONFIG_I2C_MUX) += i2c-mux.o > > obj-y += algos/ busses/ muxes/ > > +obj-$(CONFIG_I2C_PSEUDO) += i2c-pseudo.o > > obj-$(CONFIG_I2C_STUB) += i2c-stub.o > > obj-$(CONFIG_I2C_SLAVE_EEPROM) += i2c-slave-eeprom.o > > > > diff --git a/drivers/i2c/i2c-pseudo.c b/drivers/i2c/i2c-pseudo.c > > new file mode 100644 > > index 000000000000..e409fac581d3 > > --- /dev/null > > +++ b/drivers/i2c/i2c-pseudo.c > > @@ -0,0 +1,3202 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > +/* > > + * This Linux kernel module implements pseudo I2C adapters that can be backed > > + * by userspace programs. This allows for implementing an I2C bus from > > + * userspace, which can tunnel the I2C commands through another communication > > + * channel to a remote I2C bus. > > + */ > > + > > +#include <linux/build_bug.h> > > +#include <linux/cdev.h> > > +#include <linux/completion.h> > > +#include <linux/device.h> > > +#include <linux/errno.h> > > +#include <linux/fs.h> > > +#include <linux/i2c.h> > > +#include <linux/init.h> > > +#include <linux/jiffies.h> > > +#include <linux/kernel.h> > > +#include <linux/kobject.h> > > +#include <linux/list.h> > > +#include <linux/module.h> > > +#include <linux/mutex.h> > > +#include <linux/poll.h> > > +#include <linux/slab.h> > > +#include <linux/string.h> > > +#include <linux/time64.h> > > +#include <linux/types.h> > > +#include <linux/uaccess.h> > > +#include <linux/wait.h> > > + > > +/* Minimum i2cp_limit module parameter value. */ > > +#define I2CP_ADAPTERS_MIN 0 > > +/* Maximum i2cp_limit module parameter value. */ > > +#define I2CP_ADAPTERS_MAX 256 > > +/* Default i2cp_limit module parameter value. */ > > +#define I2CP_DEFAULT_LIMIT 8 > > +/* Value for alloc_chrdev_region() baseminor arg. */ > > +#define I2CP_CDEV_BASEMINOR 0 > > +#define I2CP_TIMEOUT_MS_MIN 0 > > +#define I2CP_TIMEOUT_MS_MAX (60 * MSEC_PER_SEC) > > +#define I2CP_DEFAULT_TIMEOUT_MS (3 * MSEC_PER_SEC) > > + > > +/* Used in struct device.kobj.name field. */ > > +#define I2CP_DEVICE_NAME "i2c-pseudo-controller" > > +/* Value for alloc_chrdev_region() name arg. */ > > +#define I2CP_CHRDEV_NAME "i2c_pseudo" > > +/* Value for class_create() name arg. */ > > +#define I2CP_CLASS_NAME "i2c-pseudo" > > +/* Value for alloc_chrdev_region() count arg. Should always be 1. */ > > +#define I2CP_CDEV_COUNT 1 > > + > > +#define I2CP_ADAP_START_CMD "ADAPTER_START" > > +#define I2CP_ADAP_SHUTDOWN_CMD "ADAPTER_SHUTDOWN" > > +#define I2CP_GET_NUMBER_CMD "GET_ADAPTER_NUM" > > +#define I2CP_NUMBER_REPLY_CMD "I2C_ADAPTER_NUM" > > +#define I2CP_GET_PSEUDO_ID_CMD "GET_PSEUDO_ID" > > +#define I2CP_PSEUDO_ID_REPLY_CMD "I2C_PSEUDO_ID" > > +#define I2CP_SET_NAME_SUFFIX_CMD "SET_ADAPTER_NAME_SUFFIX" > > +#define I2CP_SET_TIMEOUT_CMD "SET_ADAPTER_TIMEOUT_MS" > > +#define I2CP_BEGIN_MXFER_REQ_CMD "I2C_BEGIN_XFER" > > +#define I2CP_COMMIT_MXFER_REQ_CMD "I2C_COMMIT_XFER" > > +#define I2CP_MXFER_REQ_CMD "I2C_XFER_REQ" > > +#define I2CP_MXFER_REPLY_CMD "I2C_XFER_REPLY" > > + > > +/* Maximum size of a controller command. */ > > +#define I2CP_CTRLR_CMD_LIMIT 255 > > +/* Maximum number of controller read responses to allow enqueued at once. */ > > +#define I2CP_CTRLR_RSP_QUEUE_LIMIT 256 > > +/* The maximum size of a single controller read response. */ > > +#define I2CP_MAX_MSG_BUF_SIZE 16384 > > +/* Maximum length (not size!) of i2cp_cmds static array. */ > > +#define I2CP_CMDS_SANITY_LIMIT 64 > > +/* Maximum size of a controller read or write. */ > > +#define I2CP_RW_SIZE_LIMIT 1048576 > > + > > +/* > > + * Marks the end of a controller command or read response. > > + * > > + * Fundamentally, controller commands and read responses could use different end > > + * marker characters, but for sanity they should be the same. > > + * > > + * This must be a variable, not a macro, because it is passed to copy_to_user() > > + * by address. Taking the address of a character literal causes a compiler > > + * error. Making these C strings instead of characters would allow for that > > + * (with other implications), but then copy_to_user() itself refuses to compile, > > + * because of an assertion that the copy size (1) must match the size of the > > + * string literal (2 with its trailing null). > > + */ > > +static const char i2cp_ctrlr_end_char = '\n'; > > +/* Separator between I2C message header fields in the controller bytestream. */ > > +static const char i2cp_ctrlr_header_sep_char = ' '; > > +/* Separator between I2C message data bytes in the controller bytestream. */ > > +static const char i2cp_ctrlr_data_sep_char = ':'; > > + > > +/* > > + * This used instead of strcmp(in_str, other_str) because in_str may have null > > + * characters within its in_size boundaries, which could cause an unintended > > + * match. > > + */ > > +#define STRING_NEQ(in_str, in_size, other_str) \ > > + (in_size != strlen(other_str) || memcmp(other_str, in_str, in_size)) > > + > > +#define STR_HELPER(num) #num > > +#define STR(num) STR_HELPER(num) > > + > > +#define CONST_STRLEN(str) (sizeof(str) - 1) > > + > > +/* > > + * The number of pseudo I2C adapters permitted. This default value can be > > + * overridden at module load time. Must be in the range > > + * [I2CP_ADAPTERS_MIN, I2CP_ADAPTERS_MAX]. > > + * > > + * As currently used, this MUST NOT be changed during or after module > > + * initialization. If the ability to change this at runtime is desired, an > > + * audit of the uses of this variable will be necessary. > > + */ > > +static unsigned int i2cp_limit = I2CP_DEFAULT_LIMIT; > > +module_param(i2cp_limit, uint, 0444); > > + > > +/* > > + * The default I2C pseudo adapter timeout, in milliseconds. > > + * 0 means use Linux I2C adapter default. > > + * Can be changed per adapter by the controller. > > + */ > > +static unsigned int i2cp_default_timeout_ms = I2CP_DEFAULT_TIMEOUT_MS; > > +module_param(i2cp_default_timeout_ms, uint, 0444); > > + > > +struct i2cp_controller; > > + > > +/* This tracks all I2C pseudo adapters. */ > > +struct i2cp_counters { > > + /* This must be held while accessing any fields. */ > > + struct mutex lock; > > + unsigned int count; > > + /* > > + * This is used to make a strong attempt at avoiding ID reuse, > > + * especially during the lifetime of a userspace i2c-dev client. This > > + * can wrap by design, and thus makes no perfect guarantees. > > + */ > > + /* Same type as struct i2cp_controller.id field. */ > > + unsigned int next_ctrlr_id; > > + struct i2cp_controller **all_controllers; > > +}; > > + > > +static struct class *i2cp_class; > > +static dev_t i2cp_dev_num; > > + > > +struct i2cp_device { > > + struct i2cp_counters counters; > > + struct cdev cdev; > > + struct device device; > > +}; > > + > > +static struct i2cp_device *i2cp_device; > > + > > +/* > > + * An instance of this struct in i2cp_cmds[] array defines a command that a > > + * controller process may write to the I2C pseudo character device, hereafter a > > + * "write command." > > + * > > + * A write command consists of one or more header fields, followed optionally by > > + * data. Each header field is fully buffered before being sent to > > + * header_receiver(). Data is not fully buffered, it is chunked in fixed > > + * increments set by the return value of the final header_receiver() call. > > + * > > + * Every write command begins with its name. The name is used both to map the > > + * command to an instance of this struct, and as the first header field. > > + * > > + * A header field ends at either i2cp_ctrlr_end_char or > > + * i2cp_ctrlr_header_sep_char, neither of which is ever included in header field > > + * values passed to a callback. > > + * > > + * A command always ends at i2cp_ctrlr_end_char. Anything written after that by > > + * the controller is treated as a new command. > > + * > > + * After i2cp_ctrlr_header_sep_char the return value of header_receiver() from > > + * the previous header field is used to determine whether subsequent input is > > + * another header field, or data. > > + * > > + * Once header_receiver() has indicated that data is expected, all input until > > + * i2cp_ctrlr_end_char will be handled as data, and header_receiver() will not > > + * be called again for the command. > > + * > > + * For a given I2C pseudo controller instance there will never be more than one > > + * write command in flight at once, and there will never be more than one of > > + * these callbacks executing at once. These callbacks need not do any > > + * cross-thread synchronization among themselves. > > + * > > + * Note: Data may contain i2cp_ctrlr_header_sep_char. > > + * > > + * Note: There are no restrictions on the use of the null char ('\0') in either > > + * header fields or data. (If either i2cp_ctrlr_header_sep_char or > > + * i2cp_ctrlr_end_char is null then the respective restrictions around those > > + * characters apply as usual, of course.) Write command implementations need > > + * not use or expect null, but they must at least handle it gracefully and fail > > + * without bad side effects, same as with any unexpected input. > > + */ > > +struct i2cp_cmd { > > + /* > > + * Set these to the command name. > > + * > > + * The command name must not contain i2cp_ctrlr_header_sep_char or > > + * i2cp_ctrlr_end_char. The behavior otherwise is undefined; such a > > + * command would be uncallable, and could become either a build-time or > > + * runtime error. > > + * > > + * The command name must be unique in the i2cp_cmds[] array. The > > + * behavior with duplicate command names is undefined, subject to > > + * change, and subject to become either a build-time or runtime error. > > + */ > > + char *cmd_string; /* Must be non-NULL. */ > > + size_t cmd_size; /* Must be non-zero. */ > > + > > + /* > > + * This is called once for each I2C pseudo controller to initialize > > + * *data, prior to that pointer being passed to any other callbacks. > > + * > > + * This will only be called before the I2C adapter device is added. > > + * > > + * *data will be set to NULL before this is called. > > + * > > + * This callback may be NULL, in which case *data will remain NULL upon > > + * initialization. > > + * > > + * This should return -errno upon failure, 0 upon success. All > > + * non-negative return values are currently treated as success but > > + * positive values are reserved for potential future use. > > + * > > + * Initialization failure will cause the whole I2C pseudo controller to > > + * fail to initialize or function, thus *data will not be passed to any > > + * other callbacks. > > + */ > > + int (*data_creator)(void **data); > > + /* > > + * This is called once when shutdown of an I2C pseudo controller is > > + * imminent, and no further I2C replies can be processed. > > + * > > + * This callback may be NULL. > > + */ > > + void (*data_shutdown)(void *data); > > + /* > > + * This is called once upon termination of each I2C pseudo controller to > > + * free any resources held by @data. > > + * > > + * This will never be called while the I2C adapter device is active. > > + * Normally that means this is called after the I2C adapter device has > > + * been deleted, but it is also possible for this to be called during > > + * I2C pseudo controller initialization if a subsequent initialization > > + * step failed, as part of failure handling cleanup. > > + * > > + * This will only be called after a successful return value from > > + * data_creator(). > > + * > > + * This will be passed the same *data pointer that data_creator() placed > > + * in its **data output arg. > > + * > > + * The *data pointer will not be used again by the write command system > > + * after the start of this function call. > > + * > > + * This callback may be NULL. > > + */ > > + void (*data_destroyer)(void *data); > > + /* > > + * This is called to process write command header fields, including the > > + * command name itself as the first header field in every command. > > + * > > + * This is called once for each header field, in order, including the > > + * initial command name. > > + * > > + * @data is the value of *data from data_creator(). (Thus NULL if > > + * data_creator field is NULL.) > > + * > > + * @in and @in_size are the header value. It will never contain > > + * i2cp_ctrlr_header_sep_char or i2cp_ctrlr_end_char. > > + * > > + * in[in_size] is guaranteed to be null. There may be null characters > > + * inside the buffer boundary indicated by @in_size as well though! > > + * > > + * @non_blocking indicates whether O_NONBLOCK is set on the controller > > + * file descriptor. This is not expected to be relevant to most write > > + * command callback implementations, however it should be respected if > > + * relevant. In other words, if this is true do not block indefinitely, > > + * instead return EAGAIN or EWOULDBLOCK. If this is false never return > > + * EAGAIN or EWOULDBLOCK. > > + * > > + * Return -errno to indicate a failure. After a failure the next and > > + * final callback invocation for the command will be cmd_completer(). > > + * > > + * Return 0 to indicate success _and_ that another header field is > > + * expected next. The next header field will be fully buffered before > > + * being sent to this callback, just as the current one was. > > + * > > + * Return a positive value to indicate success _and_ that data is > > + * expected next. The exact positive value sets the chunk size used to > > + * buffer the data and pass it to data_receiver. All invocations of > > + * data_receiver are guaranteed to receive data in a _multiple_ of the > > + * chunk size, except the final invocation, because > > + * i2cp_ctrlr_end_char could be received on a non-chunk-size boundary. > > + * The return value should be less than I2CP_CTRLR_CMD_LIMIT, as that > > + * minus one is the maximum that will ever be buffered at once, and thus > > + * the maximum that will ever be sent to a single invocation of > > + * data_receiver. > > + * > > + * If the command is expected to end after a header field without any > > + * data, it is encouraged to return 1 here and have data_receiver > > + * indicate a failure if it is called. That avoids having the > > + * unexpected input buffered unnecessarily. > > + * > > + * This callback MUST NOT be NULL. > > + */ > > + int (*header_receiver)(void *data, char *in, size_t in_size, > > + bool non_blocking); > > + /* > > + * This is called to process write command data, when requested by the > > + * header_receiver() return value. > > + * > > + * This may be invoked multiple times for each data field, with the data > > + * broken up into sequential non-overlapping chunks. > > + * > > + * @in and @in_size are data. The data will never contain > > + * i2cp_ctrlr_end_char. > > + * > > + * in[in_size] is guaranteed to be null. There may be null characters > > + * inside the buffer boundary indicated by @in_size as well though! > > + * > > + * @in_size is guaranteed to be a multiple of the chunk size as > > + * specified by the last return value from header_receiver(), unless > > + * either the chunk size is >= I2CP_CTRLR_CMD_LIMIT, or > > + * i2cp_ctrlr_end_char was reached on a non-chunk-sized boundary. > > + * > > + * @in_size is guaranteed to be greater than zero, and less than > > + * I2CP_CTRLR_CMD_LIMIT. > > + * > > + * @non_blocking indicates whether O_NONBLOCK is set on the controller > > + * file descriptor. This is not expected to be relevant to most write > > + * command callback implementations, however it should be respected if > > + * relevant. In other words, if this is true do not block indefinitely, > > + * instead return EAGAIN or EWOULDBLOCK. If this is false never return > > + * EAGAIN or EWOULDBLOCK. > > + * > > + * This should return -errno upon failure, 0 upon success. All > > + * non-negative return values are currently treated as success but > > + * positive values are reserved for potential future use. After a > > + * failure the next and final callback invocation for the command will > > + * be cmd_completer(). > > + * > > + * If header_receiver() never returns a positive number, this callback > > + * should be NULL. Otherwise, this callback MUST NOT be NULL. > > + */ > > + int (*data_receiver)(void *data, char *in, size_t in_size, > > + bool non_blocking); > > + /* > > + * This is called to complete processing of a command, after it has been > > + * received in its entirety. > > + * > > + * If @receive_status is positive, it is an error code from the invoking > > + * routines themselves, e.g. if the controller process wrote a header > > + * field >= I2CP_CTRLR_CMD_LIMIT. > > + * > > + * If @receive_status is zero, it means all invocations of > > + * header_receiver and data_receiver returned successful values and the > > + * entire write command was received successfully. > > + * > > + * If @receive_status is negative, it is the value returned by the last > > + * header_receiver or data_receiver invocation. > > + * > > + * @non_blocking indicates whether O_NONBLOCK is set on the controller > > + * file descriptor. This is not expected to be relevant to most write > > + * command callback implementations, however it should be respected if > > + * relevant. In other words, if this is true do not block indefinitely, > > + * instead return EAGAIN or EWOULDBLOCK. If this is false never return > > + * EAGAIN or EWOULDBLOCK. > > + * > > + * This is called exactly once for each write command. This is true > > + * regardless of the value of @non_blocking and regardless of the return > > + * value of this function, so it is imperative that this function > > + * perform any necessary cleanup tasks related to @data, even if > > + * non_blocking=true and blocking is required! > > + * > > + * Thus, even with non_blocking=true, it would only ever make sense to > > + * return -EAGAIN from this function if the struct i2cp_cmd > > + * implementation is able to perform the would-be blocked cmd_completer > > + * operation later, e.g. upon invocation of a callback for the next > > + * write command, or by way of a background thread. > > + * > > + * This should return -errno upon failure, 0 upon success. All > > + * non-negative return values are currently treated as success but > > + * positive values are reserved for potential future use. > > + * > > + * An error should be returned only to indicate a new error that > > + * happened during the execution of this callback. Any error from > > + * @receive_status should *not* be copied to the return value of this > > + * callback. > > + * > > + * This callback may be NULL. > > + */ > > + int (*cmd_completer)(void *data, struct i2cp_controller *pdata, > > + int receive_status, bool non_blocking); > > +}; > > + > > +/* > > + * These are indexes of i2cp_cmds[]. Every element in that array should have a > > + * corresponding value in this enum, and the enum value should be used in the > > + * i2cp_cmds[] initializer. > > + * > > + * Command names are matched in this order, so sort by expected frequency. > > + */ > > +enum { > > + I2CP_CMD_MXFER_REPLY_IDX = 0, > > + I2CP_CMD_ADAP_START_IDX, > > + I2CP_CMD_ADAP_SHUTDOWN_IDX, > > + I2CP_CMD_GET_NUMBER_IDX, > > + I2CP_CMD_GET_PSEUDO_ID_IDX, > > + I2CP_CMD_SET_NAME_SUFFIX_IDX, > > + I2CP_CMD_SET_TIMEOUT_IDX, > > + /* Keep this at the end! This must equal ARRAY_SIZE(i2cp_cmds). */ > > + I2CP_NUM_WRITE_CMDS, > > +}; > > + > > +/* > > + * All values must be >= 0. This should not contain any error values. > > + * > > + * The state for a new controller must have a zero value, so that > > + * zero-initialized memory results in the correct default value. > > + */ > > +enum i2cp_ctrlr_state { > > + /* > > + * i2c_add_adapter() has not been called yet, or has only returned > > + * failure. > > + */ > > + I2CP_CTRLR_STATE_NEW = 0, > > + /* > > + * i2c_add_adapter() has return success, and the controller has not > > + * requested shutdown yet. > > + */ > > + I2CP_CTRLR_STATE_RUNNING, > > + /* > > + * i2c_add_adapter() has returned success, and the controller has > > + * requested shutdown. > > + * > > + * Note that it is perfectly acceptable for a pseudo controller fd to be > > + * closed and released without shutdown having been requested > > + * beforehand. Thus, this state is purely optional in the lifetime of a > > + * controller. > > + */ > > + I2CP_CTRLR_STATE_SHUTDN_REQ, > > +}; > > + > > +/* > > + * Avoid allocating this struct on the stack, it contains a large buffer as a > > + * direct member. > > + * > > + * To avoid deadlocks, never attempt to hold more than one of the locks in this > > + * structure at once, with the following exceptions: > > + * - It is permissible to acquire read_rsp_queue_lock while holding cmd_lock. > > + * - It is permissible to acquire read_rsp_queue_lock while holding rsp_lock. > > + */ > > +struct i2cp_controller { > > + unsigned int index; > > + /* > > + * Never modify the ID after initialization. > > + * > > + * This should be an unsigned integer type large enough to hold > > + * I2CP_ADAPTERS_MAX. > > + */ > > + unsigned int id; > > + /* > > + * Only i2cp_cdev_open() and i2cp_cdev_release() may access this field. > > + * Other functions called by them, or called by the I2C subsystem, may > > + * of course take a reference to this same struct i2c_adapter. However > > + * no other functions besides the aforementioned two may access the > > + * i2c_adapter field of struct i2cp_controller. > > + */ > > + struct i2c_adapter i2c_adapter; > > + > > + struct mutex startstop_lock; > > + enum i2cp_ctrlr_state startstop_state; > > + > > + wait_queue_head_t poll_wait_queue; > > + > > + /* This must be held while read or writing cmd_* fields. */ > > + struct mutex cmd_lock; > > + /* > > + * This becomes the @receive_status arg to struct i2cp_cmd.cmd_completer > > + * callback. > > + * > > + * A negative value is an error number from > > + * struct i2cp_cmd.header_receiver or struct i2cp_cmd.data_receiver. > > + * > > + * A zero value means no error has occurred so far in processing the > > + * current write reply command. > > + * > > + * A positive value is an error number from a non-command-specific part > > + * of write command processing, e.g. from the > > + * struct file_operations.write callback itself, or function further up > > + * its call stack that is not specific to any particular write command. > > + */ > > + int cmd_receive_status; > > + /* > > + * Index of i2cp_cmds[] and .cmd_data[] plus one, i.e. value of 1 means > > + * 0 index. Value of 0 (zero) means the controller is waiting for a new > > + * command. > > + */ > > + int cmd_idx_plus_one; > > + int cmd_data_increment; > > + size_t cmd_size; > > + /* Add one for trailing null character. */ > > + char cmd_buf[I2CP_CTRLR_CMD_LIMIT + 1]; > > + void *cmd_data[I2CP_NUM_WRITE_CMDS]; > > + > > + struct completion read_rsp_queued; > > + /* This must be held while read or writing read_rsp_queue_* fields. */ > > + struct mutex read_rsp_queue_lock; > > + /* > > + * This is a FIFO queue of struct i2cp_rsp.queue . > > + * > > + * This MUST be strictly used as FIFO. Only consume or pop the first > > + * item. Only append to the end. Users of this queue assume this FIFO > > + * behavior is strictly followed, and their uses of read_rsp_queue_lock > > + * would not be safe otherwise. > > + */ > > + struct list_head read_rsp_queue_head; > > + unsigned int read_rsp_queue_length; > > + > > + /* This must be held while reading or writing rsp_* fields. */ > > + struct mutex rsp_lock; > > + bool rsp_invalidated; > > + /* > > + * Holds formatted string from most recently popped item of > > + * read_rsp_queue_head if it was not wholly consumed by the last > > + * controller read. > > + */ > > + char *rsp_buf_start; > > + char *rsp_buf_pos; > > + ssize_t rsp_buf_remaining; > > +}; > > + > > +struct i2cp_cmd_mxfer_reply { > > + /* > > + * This lock MUST be held while reading or modifying any part of this > > + * struct i2cp_cmd_mxfer_reply, unless you can guarantee that nothing > > + * else can access this struct concurrently, such as during > > + * initialization. > > + * > > + * The struct i2cp_cmd_mxfer_reply_data.reply_queue_lock of the > > + * struct i2cp_cmd_mxfer_reply_data.reply_queue_head list which contains > > + * this struct i2cp_cmd_mxfer_reply.reply_queue_item MUST be held when > > + * attempting to acquire this lock. > > + * > > + * It is NOT required to keep > > + * struct i2cp_cmd_mxfer_reply_data.reply_queue_lock held after > > + * acquisition of this lock (unless also manipulating > > + * struct i2cp_cmd_mxfer_reply_data.reply_queue_* of course). > > + */ > > + struct mutex lock; > > + > > + /* > > + * Never modify the ID after initialization. > > + * > > + * This should be an unsigned integer type large enough to hold > > + * I2CP_CTRLR_RSP_QUEUE_LIMIT. If changing this type, audit for printf > > + * format strings that need updating! > > + */ > > + unsigned int id; > > + /* Number of I2C messages successfully processed, or negative error. */ > > + int ret; > > + /* Same type as struct i2c_algorithm.master_xfer @num arg. */ > > + int num_msgs; > > + /* Same type as struct i2c_algorithm.master_xfer @msgs arg. */ > > + struct i2c_msg *msgs; > > + /* Same length (not size) as *msgs array. */ > > + bool *completed; > > + /* Number of completed[] array entries with true value. */ > > + int num_completed_true; > > + > > + /* > > + * This is for use in struct i2cp_cmd_mxfer_reply_data.reply_queue_head > > + * FIFO queue. > > + * > > + * Any time this is deleted from its containing > > + * struct i2cp_cmd_mxfer_reply_data.reply_queue_head list, either > > + * list_del_init() MUST be used (not list_del()), OR this whole > > + * struct i2cp_cmd_mxfer_reply MUST be freed. > > + * > > + * That way, if this struct is not immediately freed, the code which > > + * eventually frees it can test whether it still needs to be deleted > > + * from struct i2cp_cmd_mxfer_reply_data.reply_queue_head by using > > + * list_empty() on reply_queue_item. (Calling list_del() on an > > + * already-deleted list item is unsafe.) > > + */ > > + struct list_head reply_queue_item; > > + struct completion data_filled; > > +}; > > + > > +/* > > + * The state for receiving the first field must have a zero value, so that > > + * zero-initialized memory results in the correct default value. > > + */ > > +enum i2cp_cmd_mxfer_reply_state { > > + I2CP_CMD_MXFER_REPLY_STATE_CMD_NEXT = 0, > > + I2CP_CMD_MXFER_REPLY_STATE_ID_NEXT, > > + I2CP_CMD_MXFER_REPLY_STATE_INDEX_NEXT, > > + I2CP_CMD_MXFER_REPLY_STATE_ADDR_NEXT, > > + I2CP_CMD_MXFER_REPLY_STATE_FLAGS_NEXT, > > + I2CP_CMD_MXFER_REPLY_STATE_ERRNO_NEXT, > > + I2CP_CMD_MXFER_REPLY_STATE_DATA_NEXT, > > + /* > > + * This is used to tell subsequent callback invocations that the write > > + * command currently being received is invalid, when the receiver wants > > + * to quietly discard the write command instead of loudly returning an > > + * error. > > + */ > > + I2CP_CMD_MXFER_REPLY_STATE_INVALID, > > +}; > > + > > +struct i2cp_cmd_mxfer_reply_data { > > + /* This must be held while read or writing reply_queue_* fields. */ > > + struct mutex reply_queue_lock; > > + /* > > + * This is used to make a strong attempt at avoiding ID reuse, > > + * especially for overlapping master_xfer() calls. > > + * > > + * This can wrap by design, and thus makes no perfect guarantees over > > + * the lifetime of an I2C pseudo adapter. > > + * > > + * No code should assume uniqueness, not even for master_xfer() calls of > > + * overlapping lifetimes. When the controller writes a master_xfer() > > + * reply command, assume that it is for the oldest outstanding instance > > + * of the ID number specified. > > + */ > > + /* Same type as struct i2cp_cmd_mxfer_reply.id field. */ > > + unsigned int next_mxfer_id; > > + /* > > + * This is a FIFO queue of struct i2cp_cmd_mxfer_reply.reply_queue_item. > > + * > > + * This MUST be strictly used as FIFO. Only consume or pop the first > > + * item. Only append to the end. Users of this queue assume this FIFO > > + * behavior is strictly followed, and their uses of reply_queue_lock may > > + * not be safe otherwise. > > + */ > > + struct list_head reply_queue_head; > > + unsigned int reply_queue_length; > > + struct i2cp_cmd_mxfer_reply *reply_queue_current_item; > > + > > + enum i2cp_cmd_mxfer_reply_state state; > > + > > + /* Same type as struct i2cp_cmd_mxfer_reply.id field. */ > > + unsigned int current_id; > > + /* Same type as struct i2c_msg.addr field. */ > > + u16 current_addr; > > + /* Same type as struct i2c_msg.flags field. */ > > + u16 current_flags; > > + /* Same type as struct i2c_algorithm.master_xfer @num arg. */ > > + int current_msg_idx; > > + /* Same type as struct i2c_msg.len field. */ > > + u16 current_buf_idx; > > +}; > > + > > +struct i2cp_cmd_set_name_suffix_data { > > + char name_suffix[sizeof_field(struct i2c_adapter, name)]; > > + size_t name_suffix_len; > > +}; > > + > > +struct i2cp_cmd_set_timeout_data { > > + int field_pos; > > + unsigned int timeout_ms; > > +}; > > + > > +struct i2cp_rsp { > > + /* > > + * This callback is invoked to format its associated data for passing to > > + * the userspace controller process when it read()s the I2C pseudo > > + * controller character device. > > + * > > + * @data will be the data pointer from this struct instance. > > + * > > + * @out is an output argument. Upon positive return value, *out must be > > + * set to a buffer which the caller will take ownership of, and which > > + * can be freed with kfree(). > > + * > > + * Upon positive return value, @data must NOT be freed. > > + * > > + * The formatter will be called repeatedly for the same data until it > > + * returns non-positive. > > + * > > + * Upon non-positive return value, *out should not be modified. > > + * > > + * Upon non-positive return value, the formatter should have freed data > > + * with kfree(). Implicitly this means any allocations owned by *data > > + * should have been freed by the formatter as well. > > + * > > + * A negative return value indicates an error occurred and the data > > + * cannot be formatted successfully. The error code may or may not > > + * eventually be propagated back to the I2C pseudo adapter controller. > > + * > > + * A positive return value is the number of characters/bytes to use from > > + * the *out buffer, always starting from index 0. It should NOT include > > + * a trailing NULL character unless that character should be propagated > > + * to the I2C pseudo adapter controller! It therefore does NOT need to > > + * be the full size of the allocated *out buffer, instead it can be > > + * less. (The size is not needed by kfree().) > > + * > > + * The formatter owns the memory pointed to by data. The invoking code > > + * will never mutate or free data. Thus, upon non-positive return value > > + * from the formatter, the formatter must have already performed any > > + * reference counting decrement or memory freeing necessary to ensure > > + * data does not live beyond its final use. > > + * > > + * There will never be more than one formatter callback in flight at > > + * once for a given I2C pseudo controller. This is true even in the > > + * face of concurrent reads by the controller. > > + * > > + * The formatter must NOT use i2cp_ctrlr_end_char in anywhere in *out > > + * (within the size range indicated by the return value; past that does > > + * not matter). The i2cp_ctrlr_end_char will be added automatically by > > + * the caller after a zero return value (successful completion) from the > > + * formatter. > > + * > > + * The formatter must never create or return a buffer larger than > > + * I2CP_MAX_MSG_BUF_SIZE. The formatter is encouraged to avoid that by > > + * generating and returning the output in chunks, taking advantage of > > + * the guarantee that it will be called repeatedly until exhaustion > > + * (zero return value) or failure (negative return value). If the > > + * formatter expects its formatted output or natural subsets of it to > > + * always fit within I2CP_MAX_MSG_BUF_SIZE, and it is called with input > > + * data not meeting that expectation, the formatter should return > > + * -ERANGE to indicate this condition. > > + */ > > + ssize_t (*formatter)(void *data, char **out); > > + void *data; > > + > > + struct list_head queue; > > +}; > > + > > +struct i2cp_rsp_buffer { > > + char *buf; > > + ssize_t size; > > +}; > > + > > +struct i2cp_rsp_master_xfer { > > + /* Never modify the ID after initialization. */ > > + /* Same type as struct i2cp_cmd_mxfer_reply.id field. */ > > + unsigned int id; > > + > > + /* These types match those of struct i2c_algorithm.master_xfer args. */ > > + struct i2c_msg *msgs; > > + int num; > > + > > + /* > > + * Always initialize fields below here to zero. They are for internal > > + * use by i2cp_rsp_master_xfer_formatter(). > > + */ > > + int num_msgs_done; /* type of @num field */ > > + size_t buf_start_plus_one; > > +}; > > + > > +/* vanprintf - See anprintf() documentation. */ > > +static ssize_t vanprintf(char **out, ssize_t max_size, gfp_t gfp, > > + const char *fmt, va_list ap) > > +{ > > + int ret; > > + ssize_t buf_size; > > + char *buf = NULL; > > + va_list args1; > > + > > + va_copy(args1, ap); > > + ret = vsnprintf(NULL, 0, fmt, ap); > > + if (ret < 0) > > + goto fail_before_args1; > > + if (max_size >= 0 && ret > max_size) { > > + ret = -ERANGE; > > + goto fail_before_args1; > > + } > > + > > + buf_size = ret + 1; > > + buf = kmalloc_track_caller(buf_size, gfp); > > + if (buf == NULL) { > > + ret = -ENOMEM; > > + goto fail_before_args1; > > + } > > + > > + ret = vsnprintf(buf, buf_size, fmt, args1); > > + va_end(args1); > > + if (ret < 0) > > + goto fail_after_args1; > > + if (ret + 1 != buf_size) { > > + ret = -ENOTRECOVERABLE; > > + goto fail_after_args1; > > + } > > + > > + *out = buf; > > + return ret; > > + > > + fail_before_args1: > > + va_end(args1); > > + fail_after_args1: > > + kfree(buf); > > + if (ret >= 0) > > + ret = -ENOTRECOVERABLE; > > + return ret; > > +} > > + > > +/* > > + * anprintf - Format a string and place it into a newly allocated buffer. > > + * @out: Address of the pointer to place the buffer address into. Will only be > > + * written to with a successful positive return value. > > + * @max_size: If non-negative, the maximum buffer size that this function will > > + * attempt to allocate. If the formatted string including trailing null > > + * character would not fit, no buffer will be allocated, and an error will > > + * be returned. (Thus max_size of 0 will always result in an error.) > > + * @gfp: GFP flags for kmalloc(). > > + * @fmt: The format string to use. > > + * @...: Arguments for the format string. > > + * > > + * Return value meanings: > > + * > > + * >=0: A buffer of this size was allocated and its address written to *out. > > + * The caller now owns the buffer and is responsible for freeing it with > > + * kfree(). The final character in the buffer, not counted in this > > + * return value, is the trailing null. This is the same return value > > + * meaning as snprintf(3). > > + * > > + * <0: An error occurred. Negate the return value for the error number. > > + * @out will not have been written to. Errors that might come from > > + * snprintf(3) may come from this function as well. Additionally, the > > + * following errors may occur from this function: > > + * > > + * ERANGE: A buffer larger than @max_size would be needed to fit the > > + * formatted string including its trailing null character. > > + * > > + * ENOMEM: Allocation of the output buffer failed. > > + * > > + * ENOTRECOVERABLE: An unexpected condition occurred. This may indicate > > + * a bug. > > + */ > > +static ssize_t anprintf(char **out, ssize_t max_size, gfp_t gfp, > > + const char *fmt, ...) > > +{ > > + ssize_t ret; > > + va_list args; > > + > > + va_start(args, fmt); > > + ret = vanprintf(out, max_size, gfp, fmt, args); > > + va_end(args); > > + return ret; > > +} > > + > > +static ssize_t i2cp_rsp_buffer_formatter(void *data, char **out) > > +{ > > + struct i2cp_rsp_buffer *rsp_buf; > > + > > + rsp_buf = data; > > + if (rsp_buf->buf) { > > + if (rsp_buf->size > 0) { > > + *out = rsp_buf->buf; > > + rsp_buf->buf = NULL; > > + return rsp_buf->size; > > + } > > + kfree(rsp_buf->buf); > > + } > > + kfree(rsp_buf); > > + return 0; > > +} > > + > > +static ssize_t i2cp_rsp_master_xfer_formatter(void *data, char **out) > > +{ > > + ssize_t ret; > > + size_t i, buf_size, byte_start, byte_limit; > > + char *buf_start, *buf_pos; > > + struct i2cp_rsp_master_xfer *mxfer_rsp; > > + struct i2c_msg *i2c_msg; > > + > > + mxfer_rsp = data; > > + > > + /* > > + * This condition is set by a previous call to this function with the > > + * same data, when it returned an error but was not consuming the final > > + * i2c_msg. > > + */ > > + if (!mxfer_rsp->msgs) { > > + ++mxfer_rsp->num_msgs_done; > > + ret = 0; > > + goto maybe_free; > > + } > > + > > + i2c_msg = &mxfer_rsp->msgs[mxfer_rsp->num_msgs_done]; > > + > > + /* > > + * If this is a read, or if this is a write and we've finished writing > > + * the data buffer, we are done with this i2c_msg. > > + */ > > + if (mxfer_rsp->buf_start_plus_one >= 1 && > > + (i2c_msg->flags & I2C_M_RD || > > + mxfer_rsp->buf_start_plus_one >= (size_t)i2c_msg->len + 1)) { > > + ++mxfer_rsp->num_msgs_done; > > + mxfer_rsp->buf_start_plus_one = 0; > > + ret = 0; > > + goto maybe_free; > > + } > > + > > + if (mxfer_rsp->buf_start_plus_one <= 0) { > > + /* > > + * The length is not strictly necessary with the explicit > > + * end-of-message marker (i2cp_ctrlr_end_char), however it > > + * serves as a useful sanity check for controllers to verify > > + * that no bytes were lost in kernel->userspace transmission. > > + */ > > + ret = anprintf(&buf_start, I2CP_MAX_MSG_BUF_SIZE, GFP_KERNEL, > > + "%*s%c%u%c%d%c0x%04X%c0x%04X%c%u", > > + (int)strlen(I2CP_MXFER_REQ_CMD), I2CP_MXFER_REQ_CMD, > > + i2cp_ctrlr_header_sep_char, mxfer_rsp->id, > > + i2cp_ctrlr_header_sep_char, mxfer_rsp->num_msgs_done, > > + i2cp_ctrlr_header_sep_char, i2c_msg->addr, > > + i2cp_ctrlr_header_sep_char, i2c_msg->flags, > > + i2cp_ctrlr_header_sep_char, i2c_msg->len); > > + if (ret > 0) { > > + *out = buf_start; > > + mxfer_rsp->buf_start_plus_one = 1; > > + /* > > + * If we have a zero return value, it means the output buffer > > + * was allocated as size one, containing only a terminating null > > + * character. This would be a bug given the requested format > > + * string above. Also, formatter functions must not mutate *out > > + * when returning zero. So if this matches, free the useless > > + * buffer and return an error. > > + */ > > + } else if (ret == 0) { > > + ret = -EINVAL; > > + kfree(buf_start); > > + } > > + goto maybe_free; > > + } > > + > > + byte_start = mxfer_rsp->buf_start_plus_one - 1; > > + byte_limit = min_t(size_t, i2c_msg->len - byte_start, > > + I2CP_MAX_MSG_BUF_SIZE / 3); > > + /* 3 chars per byte == 2 chars for hex + 1 char for separator */ > > + buf_size = byte_limit * 3; > > + > > + buf_start = kzalloc(buf_size, GFP_KERNEL); > > + if (!buf_start) { > > + ret = -ENOMEM; > > + goto maybe_free; > > + } > > + > > + for (buf_pos = buf_start, i = 0; i < byte_limit; ++i) { > > + *buf_pos++ = (i || byte_start) ? > > + i2cp_ctrlr_data_sep_char : i2cp_ctrlr_header_sep_char; > > + buf_pos = hex_byte_pack_upper( > > + buf_pos, i2c_msg->buf[byte_start + i]); > > + } > > + *out = buf_start; > > + ret = buf_size; > > + mxfer_rsp->buf_start_plus_one += i; > > + > > + maybe_free: > > + if (ret <= 0) { > > + if (mxfer_rsp->num_msgs_done >= mxfer_rsp->num) { > > + kfree(mxfer_rsp->msgs); > > + kfree(mxfer_rsp); > > + /* > > + * If we are returning an error but have not consumed all of > > + * mxfer_rsp yet, we must not attempt to output any more I2C > > + * messages from the same mxfer_rsp. Setting mxfer_rsp->msgs to > > + * NULL tells the remaining invocations with this mxfer_rsp to > > + * output nothing. > > + * > > + * There can be more invocations with the same mxfer_rsp even > > + * after returning an error here because > > + * i2cp_adapter_master_xfer() reuses a single > > + * struct i2cp_rsp_master_xfer (mxfer_rsp) across multiple > > + * struct i2cp_rsp (rsp_wrappers), one for each struct i2c_msg > > + * within the mxfer_rsp. > > + */ > > + } else if (ret < 0) { > > + kfree(mxfer_rsp->msgs); > > + mxfer_rsp->msgs = NULL; > > + } > > + } > > + return ret; > > +} > > + > > +static ssize_t i2cp_id_show(struct device *dev, struct device_attribute *attr, > > + char *buf) > > +{ > > + int ret; > > + struct i2c_adapter *adap; > > + struct i2cp_controller *pdata; > > + > > + adap = container_of(dev, struct i2c_adapter, dev); > > + pdata = container_of(adap, struct i2cp_controller, i2c_adapter); > > + ret = snprintf(buf, PAGE_SIZE, "%u\n", pdata->id); > > + if (ret >= PAGE_SIZE) > > + return -ERANGE; > > + return ret; > > +} > > + > > +static const struct device_attribute i2cp_id_dev_attr = { > > + .attr = { > > + .name = "i2c-pseudo-id", > > + .mode = 0444, > > + }, > > + .show = i2cp_id_show, > > +}; > > + > > +static enum i2cp_ctrlr_state i2cp_adap_get_state(struct i2cp_controller *pdata) > > +{ > > + enum i2cp_ctrlr_state ret; > > + > > + mutex_lock(&pdata->startstop_lock); > > + ret = pdata->startstop_state; > > + mutex_unlock(&pdata->startstop_lock); > > + return ret; > > +} > > + > > +static int i2cp_cmd_mxfer_reply_data_creator(void **data) > > +{ > > + struct i2cp_cmd_mxfer_reply_data *cmd_data; > > + > > + cmd_data = kzalloc(sizeof(*cmd_data), GFP_KERNEL); > > + if (!cmd_data) > > + return -ENOMEM; > > + mutex_init(&cmd_data->reply_queue_lock); > > + INIT_LIST_HEAD(&cmd_data->reply_queue_head); > > + *data = cmd_data; > > + return 0; > > +} > > + > > +/* > > + * Notify pending I2C requests of the shutdown. There is no possibility of > > + * further I2C replies at this point. This stops the I2C requests from waiting > > + * for the adapter timeout, which could have been set arbitrarily long by the > > + * userspace controller. > > + */ > > +static void i2cp_cmd_mxfer_reply_data_shutdown(void *data) > > +{ > > + struct list_head *list_ptr; > > + struct i2cp_cmd_mxfer_reply_data *cmd_data; > > + struct i2cp_cmd_mxfer_reply *mxfer_reply; > > + > > + cmd_data = data; > > + mutex_lock(&cmd_data->reply_queue_lock); > > + list_for_each(list_ptr, &cmd_data->reply_queue_head) { > > + mxfer_reply = list_entry(list_ptr, struct i2cp_cmd_mxfer_reply, > > + reply_queue_item); > > + mutex_lock(&mxfer_reply->lock); > > + complete_all(&mxfer_reply->data_filled); > > + mutex_unlock(&mxfer_reply->lock); > > + } > > + mutex_unlock(&cmd_data->reply_queue_lock); > > +} > > + > > +static void i2cp_cmd_mxfer_reply_data_destroyer(void *data) > > +{ > > + /* > > + * We do not have to worry about racing with in-flight I2C messages > > + * because data_destroyer callbacks are guaranteed to never be called > > + * while the I2C adapter device is active. > > + */ > > + kfree(data); > > +} > > + > > +static inline bool i2cp_mxfer_reply_is_current( > > + struct i2cp_cmd_mxfer_reply_data *cmd_data, > > + struct i2cp_cmd_mxfer_reply *mxfer_reply) > > +{ > > + int i; > > + > > + i = cmd_data->current_msg_idx; > > + return cmd_data->current_id == mxfer_reply->id && > > + i >= 0 && i < mxfer_reply->num_msgs && > > + cmd_data->current_addr == mxfer_reply->msgs[i].addr && > > + cmd_data->current_flags == mxfer_reply->msgs[i].flags; > > +} > > + > > +/* cmd_data->reply_queue_lock must be held. */ > > +static inline struct i2cp_cmd_mxfer_reply *i2cp_mxfer_reply_find_current( > > + struct i2cp_cmd_mxfer_reply_data *cmd_data) > > +{ > > + struct list_head *list_ptr; > > + struct i2cp_cmd_mxfer_reply *mxfer_reply; > > + > > + list_for_each(list_ptr, &cmd_data->reply_queue_head) { > > + mxfer_reply = list_entry(list_ptr, struct i2cp_cmd_mxfer_reply, > > + reply_queue_item); > > + if (i2cp_mxfer_reply_is_current(cmd_data, mxfer_reply)) > > + return mxfer_reply; > > + } > > + return NULL; > > +} > > + > > +/* cmd_data->reply_queue_lock must NOT already be held. */ > > +static inline void i2cp_mxfer_reply_update_current( > > + struct i2cp_cmd_mxfer_reply_data *cmd_data) > > +{ > > + mutex_lock(&cmd_data->reply_queue_lock); > > + cmd_data->reply_queue_current_item = i2cp_mxfer_reply_find_current( > > + cmd_data); > > + mutex_unlock(&cmd_data->reply_queue_lock); > > +} > > + > > +static int i2cp_cmd_mxfer_reply_header_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + int ret, reply_errno = 0; > > + struct i2cp_cmd_mxfer_reply_data *cmd_data; > > + > > + cmd_data = data; > > + > > + switch (cmd_data->state) { > > + case I2CP_CMD_MXFER_REPLY_STATE_CMD_NEXT: > > + /* Expect the msg/reply ID header field next. */ > > + cmd_data->state = I2CP_CMD_MXFER_REPLY_STATE_ID_NEXT; > > + return 0; > > + case I2CP_CMD_MXFER_REPLY_STATE_ID_NEXT: > > + case I2CP_CMD_MXFER_REPLY_STATE_INDEX_NEXT: > > + case I2CP_CMD_MXFER_REPLY_STATE_ADDR_NEXT: > > + case I2CP_CMD_MXFER_REPLY_STATE_FLAGS_NEXT: > > + case I2CP_CMD_MXFER_REPLY_STATE_ERRNO_NEXT: > > + break; > > + default: > > + /* Reaching here is a bug. */ > > + /* > > + * Testing this before checking for null characters ensures the > > + * correct error is indicated. > > + */ > > + return -EINVAL; > > + } > > + > > + /* > > + * The command name is logically outside the control of this function, > > + * and may contain null characters, even if that would be nonsensical. > > + * Thus it is handled above, followed by this check, and below here > > + * the rest of the header fields are handled. Some of them use > > + * functions that could mishandle input which contains nulls. An actual > > + * error would be okay, however if the input were consumed incorrectly > > + * without an error, that could lead to subtle bugs. > > + */ > > + if (memchr(in, '\0', in_size)) > > + return -EPROTO; > > + > > + switch (cmd_data->state) { > > + case I2CP_CMD_MXFER_REPLY_STATE_ID_NEXT: > > + ret = kstrtouint(in, 0, &cmd_data->current_id); > > + if (ret < 0) > > + return ret; > > + cmd_data->state = I2CP_CMD_MXFER_REPLY_STATE_INDEX_NEXT; > > + return 0; > > + case I2CP_CMD_MXFER_REPLY_STATE_INDEX_NEXT: > > + ret = kstrtoint(in, 0, &cmd_data->current_msg_idx); > > + if (ret < 0) > > + return ret; > > + cmd_data->state = I2CP_CMD_MXFER_REPLY_STATE_ADDR_NEXT; > > + return 0; > > + case I2CP_CMD_MXFER_REPLY_STATE_ADDR_NEXT: > > + ret = kstrtou16(in, 0, &cmd_data->current_addr); > > + if (ret < 0) > > + return ret; > > + cmd_data->state = I2CP_CMD_MXFER_REPLY_STATE_FLAGS_NEXT; > > + return 0; > > + case I2CP_CMD_MXFER_REPLY_STATE_FLAGS_NEXT: > > + ret = kstrtou16(in, 0, &cmd_data->current_flags); > > + if (ret < 0) > > + return ret; > > + cmd_data->state = I2CP_CMD_MXFER_REPLY_STATE_ERRNO_NEXT; > > + return 0; > > + case I2CP_CMD_MXFER_REPLY_STATE_ERRNO_NEXT: > > + ret = kstrtoint(in, 0, &reply_errno); > > + if (ret < 0) > > + return ret; > > + break; > > + default: > > + /* Reaching here is a bug. */ > > + return -EINVAL; > > + } > > + > > + /* > > + * Only I2CP_CMD_MXFER_REPLY_STATE_ERRNO_NEXT can reach this point. > > + * Now that we've received all of the headers, find the matching > > + * mxfer_reply. > > + */ > > + i2cp_mxfer_reply_update_current(cmd_data); > > + > > + if (reply_errno || !cmd_data->reply_queue_current_item) { > > + /* > > + * reply_errno: > > + * Drop the specific errno for now. The Linux I2C API > > + * does not provide a way to return an errno for a > > + * specific message within a master_xfer() call. The > > + * cmd_completer callback will indicate this > > + * controller-reported failure by not incrementing > > + * mxfer_reply->ret for this I2C msg reply. > > + * > > + * cmd_data->reply_queue_current_item == NULL: > > + * No matching mxfer_reply was found. Discard any > > + * further input in this command. The cmd_completer > > + * callback will indicate this failure to the > > + * controller. > > + */ > > + cmd_data->state = I2CP_CMD_MXFER_REPLY_STATE_INVALID; > > + /* > > + * Ask for data bytes in multiples of 1, i.e. no > > + * boundary requirements, because the we're just going > > + * to discard it. The next field could even be a header > > + * instead of data, but it doesn't matter, we're going > > + * to continue discarding the write input until the end > > + * of this write command. > > + */ > > + return 1; > > + } > > + > > + cmd_data->state = I2CP_CMD_MXFER_REPLY_STATE_DATA_NEXT; > > + /* > > + * Ask for data bytes in multiples of 3. Expected format is > > + * hexadecimal NN:NN:... e.g. "3C:05:F1:01" is a possible 4 byte > > + * data value. > > + */ > > + return 3; > > +} > > + > > +static int i2cp_cmd_mxfer_reply_data_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + int ret; > > + char u8_hex[3] = {0}; > > + struct i2cp_cmd_mxfer_reply_data *cmd_data; > > + struct i2cp_cmd_mxfer_reply *mxfer_reply; > > + struct i2c_msg *i2c_msg; > > + > > + cmd_data = data; > > + > > + if (cmd_data->state == I2CP_CMD_MXFER_REPLY_STATE_INVALID) > > + return 0; > > + if (cmd_data->state != I2CP_CMD_MXFER_REPLY_STATE_DATA_NEXT) > > + /* Reaching here is a bug. */ > > + return -EINVAL; > > + > > + mutex_lock(&cmd_data->reply_queue_lock); > > + mxfer_reply = cmd_data->reply_queue_current_item; > > + if (!mxfer_reply) { > > + /* Reaching here is a bug. */ > > + mutex_unlock(&cmd_data->reply_queue_lock); > > + return -EINVAL; > > + } > > + mutex_lock(&mxfer_reply->lock); > > + mutex_unlock(&cmd_data->reply_queue_lock); > > + > > + if (cmd_data->current_msg_idx < 0 || > > + cmd_data->current_msg_idx >= mxfer_reply->num_msgs) { > > + /* Reaching here is a bug. */ > > + ret = -EINVAL; > > + goto unlock; > > + } > > + > > + i2c_msg = &mxfer_reply->msgs[cmd_data->current_msg_idx]; > > + > > + if (!(i2c_msg->flags & I2C_M_RD)) { > > + /* The controller responded to a write with data. */ > > + ret = -EIO; > > + goto unlock; > > + } > > + > > + if (i2c_msg->flags & I2C_M_RECV_LEN) { > > + /* > > + * When I2C_M_RECV_LEN is set, struct i2c_algorithm.master_xfer > > + * is expected to increment struct i2c_msg.len by the actual > > + * amount of bytes read. > > + * > > + * Given the above, an initial struct i2c_msg.len value of 0 > > + * would be reasonable, since it will be incremented for each > > + * byte read. > > + * > > + * An initial value of 1 representing the expected size byte > > + * also makes sense, and appears to be common practice. > > + * > > + * We consider a larger initial value to indicate a bug in the > > + * I2C/SMBus client, because it's difficult to reconcile such a > > + * value with the documented requirement that struct i2c_msg.len > > + * be "incremented by the number of block data bytes received." > > + * Besides returning an error, our only options would be to > > + * ignore and blow away a value that was potentially meaningful > > + * to the client (e.g. if it indicates the maximum buffer size), > > + * assume the value is the buffer size or expected read size > > + * (which would conflict with the documentation), or just > > + * blindly increment it, leaving it at a value greater than the > > + * actual number of bytes we wrote to the buffer, and likely > > + * indicating a size larger than the actual buffer allocation. > > + */ > > + if (cmd_data->current_buf_idx == 0) { > > + if (i2c_msg->len > 1) { > > + ret = -EPROTO; > > + goto unlock; > > + } > > + /* > > + * Subtract the read size byte because the in_size > > + * increment in the loop below will re-add it. > > + */ > > + i2c_msg->len = 0; > > + } > > + } > > + > > + while (in_size > 0 && cmd_data->current_buf_idx < i2c_msg->len) { > > + if (in_size < 2 || > > + (in_size > 2 && in[2] != i2cp_ctrlr_data_sep_char) || > > + memchr(in, '\0', 2)) { > > + /* > > + * Reaching here is a bug in the userspace I2C pseudo > > + * adapter controller. (Or possibly a bug in this > > + * module itself, of course.) > > + */ > > + ret = -EIO; > > + goto unlock; > > + } > > + /* > > + * When using I2C_M_RECV_LEN, the buffer is required to be able > > + * to hold: > > + * > > + * I2C_SMBUS_BLOCK_MAX > > + * +1 byte for the read size (first byte) > > + * +1 byte for the optional PEC byte (last byte if present). > > + * > > + * If reading the next byte would exceed that, return EPROTO > > + * error per Documentation/i2c/fault-codes . > > + */ > > + if (i2c_msg->flags & I2C_M_RECV_LEN && > > + i2c_msg->len >= I2C_SMBUS_BLOCK_MAX + 2) { > > + ret = -EPROTO; > > + goto unlock; > > + } > > + /* Use u8_hex to get a terminating null byte for kstrtou8(). */ > > + memcpy(u8_hex, in, 2); > > + /* > > + * TODO: Do we need to do anything different based on the > > + * I2C_M_DMA_SAFE bit? Do we ever need to use copy_to_user()? > > + */ > > + ret = kstrtou8(u8_hex, 16, > > + &i2c_msg->buf[cmd_data->current_buf_idx]); > > + if (ret < 0) > > + goto unlock; > > + if (i2c_msg->flags & I2C_M_RECV_LEN) > > + ++i2c_msg->len; > > + ++cmd_data->current_buf_idx; > > + in += min_t(size_t, 3, in_size); > > + in_size -= min_t(size_t, 3, in_size); > > + } > > + > > + /* Quietly ignore any bytes beyond the buffer size. */ > > + ret = 0; > > + > > + unlock: > > + mutex_unlock(&mxfer_reply->lock); > > + return ret; > > +} > > + > > +static int i2cp_cmd_mxfer_reply_cmd_completer(void *data, > > + struct i2cp_controller *pdata, int receive_status, bool non_blocking) > > +{ > > + int ret; > > + struct i2cp_cmd_mxfer_reply_data *cmd_data; > > + struct i2cp_cmd_mxfer_reply *mxfer_reply; > > + struct i2c_msg *i2c_msg; > > + > > + cmd_data = data; > > + mutex_lock(&cmd_data->reply_queue_lock); > > + > > + mxfer_reply = cmd_data->reply_queue_current_item; > > + if (!mxfer_reply) { > > + mutex_unlock(&cmd_data->reply_queue_lock); > > + ret = -EIO; > > + goto reset_cmd_data; > > + } > > + > > + mutex_lock(&mxfer_reply->lock); > > + > > + if (mxfer_reply->completed[cmd_data->current_msg_idx]) { > > + /* We already received a reply for this msg. */ > > + mutex_unlock(&cmd_data->reply_queue_lock); > > + mutex_unlock(&mxfer_reply->lock); > > + ret = -EIO; > > + goto reset_cmd_data; > > + } > > + > > + mxfer_reply->completed[cmd_data->current_msg_idx] = true; > > + if (++mxfer_reply->num_completed_true >= mxfer_reply->num_msgs) { > > + list_del_init(&mxfer_reply->reply_queue_item); > > + --cmd_data->reply_queue_length; > > + cmd_data->reply_queue_current_item = NULL; > > + complete_all(&mxfer_reply->data_filled); > > + } > > + > > + mutex_unlock(&cmd_data->reply_queue_lock); > > + i2c_msg = &mxfer_reply->msgs[cmd_data->current_msg_idx]; > > + > > + if (!receive_status && > > + cmd_data->state == I2CP_CMD_MXFER_REPLY_STATE_DATA_NEXT && > > + (!(i2c_msg->flags & I2C_M_RD) || > > + cmd_data->current_buf_idx >= i2c_msg->len)) > > + ++mxfer_reply->ret; > > + > > + mutex_unlock(&mxfer_reply->lock); > > + ret = 0; > > + > > + reset_cmd_data: > > + cmd_data->state = I2CP_CMD_MXFER_REPLY_STATE_CMD_NEXT; > > + cmd_data->current_id = 0; > > + cmd_data->current_addr = 0; > > + cmd_data->current_flags = 0; > > + cmd_data->current_msg_idx = 0; > > + cmd_data->current_buf_idx = 0; > > + return ret; > > +} > > + > > +static int i2cp_cmd_adap_start_header_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + /* > > + * No more header fields or data are expected. This directs any further > > + * input in this command to the data_receiver, which for this write > > + * command will unconditionally indicate a controller error. > > + */ > > + return 1; > > +} > > + > > +static int i2cp_cmd_adap_start_data_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + /* > > + * Reaching here means the controller wrote extra data in the command > > + * line after the initial command name. That is unexpected and > > + * indicates a controller bug. > > + */ > > + return -EPROTO; > > +} > > + > > +static int i2cp_cmd_adap_start_cmd_completer(void *data, > > + struct i2cp_controller *pdata, int receive_status, bool non_blocking) > > +{ > > + int ret; > > + > > + /* Refuse to start if there were errors processing this command. */ > > + if (receive_status) > > + return 0; > > + > > + /* > > + * Acquire pdata->startstop_lock manually instead of using > > + * i2cp_adap_get_state() in order to keep the lock while calling > > + * i2c_add_adapter(). > > + */ > > + mutex_lock(&pdata->startstop_lock); > > + > > + if (pdata->startstop_state != I2CP_CTRLR_STATE_NEW) { > > + ret = -EISCONN; > > + goto unlock; > > + } > > + > > + /* Add the I2C adapter. */ > > + ret = i2c_add_adapter(&pdata->i2c_adapter); > > + if (ret < 0) > > + goto unlock; > > + > > + pdata->startstop_state = I2CP_CTRLR_STATE_RUNNING; > > + > > + /* Add the I2C pseudo controller ID sysfs file. */ > > + ret = device_create_file(&pdata->i2c_adapter.dev, &i2cp_id_dev_attr); > > + if (ret < 0) > > + goto unlock; > > + > > + ret = 0; > > + > > + unlock: > > + mutex_unlock(&pdata->startstop_lock); > > + return ret; > > +} > > + > > +static int i2cp_cmd_adap_shutdown_header_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + /* > > + * No more header fields or data are expected. This directs any further > > + * input in this command to the data_receiver, which for this write > > + * command will unconditionally indicate a controller error. > > + */ > > + return 1; > > +} > > + > > +static int i2cp_cmd_adap_shutdown_data_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + /* > > + * Reaching here means the controller wrote extra data in the command > > + * line after the initial command name. That is unexpected and > > + * indicates a controller bug. > > + */ > > + return -EPROTO; > > +} > > + > > +static int i2cp_cmd_adap_shutdown_cmd_completer(void *data, > > + struct i2cp_controller *pdata, int receive_status, bool non_blocking) > > +{ > > + /* Refuse to shutdown if there were errors processing this command. */ > > + if (receive_status) > > + return 0; > > + > > + mutex_lock(&pdata->startstop_lock); > > + pdata->startstop_state = I2CP_CTRLR_STATE_SHUTDN_REQ; > > + mutex_unlock(&pdata->startstop_lock); > > + > > + /* Wake up blocked controller readers. */ > > + complete_all(&pdata->read_rsp_queued); > > + /* Wake up blocked controller pollers. */ > > + wake_up_interruptible_all(&pdata->poll_wait_queue); > > + return 0; > > +} > > + > > +static int i2cp_cmd_get_number_header_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + /* > > + * No more header fields or data are expected. This directs any further > > + * input in this command to the data_receiver, which for this write > > + * command will unconditionally indicate a controller error. > > + */ > > + return 1; > > +} > > + > > +static int i2cp_cmd_get_number_data_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + /* > > + * Reaching here means the controller wrote extra data in the command > > + * line after the initial command name. That is unexpected and > > + * indicates a controller bug. > > + */ > > + return -EPROTO; > > +} > > + > > +static int i2cp_cmd_get_number_cmd_completer(void *data, > > + struct i2cp_controller *pdata, int receive_status, bool non_blocking) > > +{ > > + ssize_t ret; > > + int i2c_adap_nr; > > + struct i2cp_rsp_buffer *rsp_buf; > > + struct i2cp_rsp *rsp_wrapper; > > + > > + /* Abort if there were errors processing this command. */ > > + if (receive_status) > > + return 0; > > + > > + /* > > + * Check the pseudo controller startstop_state. If it's running, get > > + * the I2C adapter number. > > + * > > + * Acquire pdata->startstop_lock manually instead of using > > + * i2cp_adap_get_state() in order to keep the lock while retrieving the > > + * I2C adapter number. > > + */ > > + mutex_lock(&pdata->startstop_lock); > > + if (pdata->startstop_state != I2CP_CTRLR_STATE_RUNNING) { > > + mutex_unlock(&pdata->startstop_lock); > > + return -ENOTCONN; > > + } > > + i2c_adap_nr = pdata->i2c_adapter.nr; > > + mutex_unlock(&pdata->startstop_lock); > > + > > + rsp_wrapper = kzalloc(sizeof(*rsp_wrapper), GFP_KERNEL); > > + if (!rsp_wrapper) > > + return -ENOMEM; > > + > > + rsp_buf = kzalloc(sizeof(*rsp_buf), GFP_KERNEL); > > + if (!rsp_buf) { > > + ret = -ENOMEM; > > + goto fail_after_rsp_wrapper_alloc; > > + } > > + > > + ret = anprintf(&rsp_buf->buf, I2CP_MAX_MSG_BUF_SIZE, GFP_KERNEL, > > + "%*s%c%d", > > + (int)strlen(I2CP_NUMBER_REPLY_CMD), I2CP_NUMBER_REPLY_CMD, > > + i2cp_ctrlr_header_sep_char, i2c_adap_nr); > > + if (ret < 0) { > > + goto fail_after_rsp_buf_alloc; > > + } else if (ret == 0) { > > + ret = -EINVAL; > > + goto fail_after_buf_alloc; > > + } > > + rsp_buf->size = ret; > > + > > + rsp_wrapper->data = rsp_buf; > > + rsp_wrapper->formatter = i2cp_rsp_buffer_formatter; > > + > > + mutex_lock(&pdata->read_rsp_queue_lock); > > + if (pdata->read_rsp_queue_length >= I2CP_CTRLR_RSP_QUEUE_LIMIT) { > > + ret = -ENOBUFS; > > + mutex_unlock(&pdata->read_rsp_queue_lock); > > + goto fail_after_buf_alloc; > > + } > > + > > + list_add_tail(&rsp_wrapper->queue, &pdata->read_rsp_queue_head); > > + ++pdata->read_rsp_queue_length; > > + complete(&pdata->read_rsp_queued); > > + > > + mutex_unlock(&pdata->read_rsp_queue_lock); > > + return 0; > > + > > + fail_after_buf_alloc: > > + kfree(rsp_buf->buf); > > + fail_after_rsp_buf_alloc: > > + kfree(rsp_buf); > > + fail_after_rsp_wrapper_alloc: > > + kfree(rsp_wrapper); > > + return ret; > > +} > > + > > +static int i2cp_cmd_get_pseudo_id_header_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + /* > > + * No more header fields or data are expected. This directs any further > > + * input in this command to the data_receiver, which for this write > > + * command will unconditionally indicate a controller error. > > + */ > > + return 1; > > +} > > + > > +static int i2cp_cmd_get_pseudo_id_data_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + /* > > + * Reaching here means the controller wrote extra data in the command > > + * line after the initial command name. That is unexpected and > > + * indicates a controller bug. > > + */ > > + return -EPROTO; > > +} > > + > > +static int i2cp_cmd_get_pseudo_id_cmd_completer(void *data, > > + struct i2cp_controller *pdata, int receive_status, bool non_blocking) > > +{ > > + ssize_t ret; > > + struct i2cp_rsp_buffer *rsp_buf; > > + struct i2cp_rsp *rsp_wrapper; > > + > > + /* Abort if there were errors processing this command. */ > > + if (receive_status) > > + return 0; > > + > > + rsp_wrapper = kzalloc(sizeof(*rsp_wrapper), GFP_KERNEL); > > + if (!rsp_wrapper) > > + return -ENOMEM; > > + > > + rsp_buf = kzalloc(sizeof(*rsp_buf), GFP_KERNEL); > > + if (!rsp_buf) { > > + ret = -ENOMEM; > > + goto fail_after_rsp_wrapper_alloc; > > + } > > + > > + ret = anprintf(&rsp_buf->buf, I2CP_MAX_MSG_BUF_SIZE, GFP_KERNEL, > > + "%*s%c%u", > > + (int)strlen(I2CP_PSEUDO_ID_REPLY_CMD), I2CP_PSEUDO_ID_REPLY_CMD, > > + i2cp_ctrlr_header_sep_char, pdata->id); > > + if (ret < 0) { > > + goto fail_after_rsp_buf_alloc; > > + } else if (ret == 0) { > > + ret = -EINVAL; > > + goto fail_after_buf_alloc; > > + } > > + rsp_buf->size = ret; > > + > > + rsp_wrapper->data = rsp_buf; > > + rsp_wrapper->formatter = i2cp_rsp_buffer_formatter; > > + > > + mutex_lock(&pdata->read_rsp_queue_lock); > > + if (pdata->read_rsp_queue_length >= I2CP_CTRLR_RSP_QUEUE_LIMIT) { > > + ret = -ENOBUFS; > > + mutex_unlock(&pdata->read_rsp_queue_lock); > > + goto fail_after_buf_alloc; > > + } > > + > > + list_add_tail(&rsp_wrapper->queue, &pdata->read_rsp_queue_head); > > + ++pdata->read_rsp_queue_length; > > + complete(&pdata->read_rsp_queued); > > + > > + mutex_unlock(&pdata->read_rsp_queue_lock); > > + return 0; > > + > > + fail_after_buf_alloc: > > + kfree(rsp_buf->buf); > > + fail_after_rsp_buf_alloc: > > + kfree(rsp_buf); > > + fail_after_rsp_wrapper_alloc: > > + kfree(rsp_wrapper); > > + return ret; > > +} > > + > > +static int i2cp_cmd_set_name_suffix_data_creator(void **data) > > +{ > > + struct i2cp_cmd_set_name_suffix_data *cmd_data; > > + > > + cmd_data = kzalloc(sizeof(*cmd_data), GFP_KERNEL); > > + if (!cmd_data) > > + return -ENOMEM; > > + *data = cmd_data; > > + return 0; > > +} > > + > > +static void i2cp_cmd_set_name_suffix_data_destroyer(void *data) > > +{ > > + kfree(data); > > +} > > + > > +static int i2cp_cmd_set_name_suffix_header_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + return 1; > > +} > > + > > +static int i2cp_cmd_set_name_suffix_data_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + size_t remaining; > > + struct i2cp_cmd_set_name_suffix_data *cmd_data; > > + > > + cmd_data = data; > > + remaining = sizeof(cmd_data->name_suffix) - cmd_data->name_suffix_len; > > + /* Quietly truncate the suffix if necessary. */ > > + /* The suffix may need to be further truncated later. */ > > + if (in_size > remaining) > > + in_size = remaining; > > + memcpy(&cmd_data->name_suffix[cmd_data->name_suffix_len], in, in_size); > > + cmd_data->name_suffix_len += in_size; > > + return 0; > > +} > > + > > +static int i2cp_cmd_set_name_suffix_cmd_completer(void *data, > > + struct i2cp_controller *pdata, int receive_status, bool non_blocking) > > +{ > > + int ret; > > + struct i2cp_cmd_set_name_suffix_data *cmd_data; > > + > > + /* Abort if there were errors processing this command. */ > > + if (receive_status) > > + return 0; > > + > > + /* > > + * Acquire pdata->startstop_lock manually instead of using > > + * i2cp_adap_get_state() in order to keep the lock while > > + * setting the I2C adapter name. > > + */ > > + mutex_lock(&pdata->startstop_lock); > > + > > + if (pdata->startstop_state != I2CP_CTRLR_STATE_NEW) { > > + ret = -EISCONN; > > + goto unlock; > > + } > > + > > + cmd_data = data; > > + ret = snprintf(pdata->i2c_adapter.name, sizeof(pdata->i2c_adapter.name), > > + "I2C pseudo ID %u %*s", pdata->id, > > + (int)cmd_data->name_suffix_len, cmd_data->name_suffix); > > + if (ret < 0) > > + goto unlock; > > + > > + ret = 0; > > + > > + unlock: > > + mutex_unlock(&pdata->startstop_lock); > > + return ret; > > +} > > + > > +static int i2cp_cmd_set_timeout_data_creator(void **data) > > +{ > > + struct i2cp_cmd_set_timeout_data *cmd_data; > > + > > + cmd_data = kzalloc(sizeof(*cmd_data), GFP_KERNEL); > > + if (!cmd_data) > > + return -ENOMEM; > > + *data = cmd_data; > > + return 0; > > +} > > + > > +static void i2cp_cmd_set_timeout_data_destroyer(void *data) > > +{ > > + kfree(data); > > +} > > + > > +static int i2cp_cmd_set_timeout_header_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + int ret; > > + struct i2cp_cmd_set_timeout_data *cmd_data; > > + > > + cmd_data = data; > > + switch (cmd_data->field_pos++) { > > + case 0: > > + return 0; > > + case 1: > > + ret = kstrtouint(in, 0, &cmd_data->timeout_ms); > > + if (ret < 0) > > + return ret; > > + return 1; > > + } > > + /* Reaching here is a bug. */ > > + return -EINVAL; > > +} > > + > > +static int i2cp_cmd_set_timeout_data_receiver(void *data, char *in, > > + size_t in_size, bool non_blocking) > > +{ > > + /* > > + * Reaching here means the controller wrote extra data in the command > > + * line. That is unexpected and indicates a controller bug. > > + */ > > + return -EPROTO; > > +} > > + > > +static int i2cp_cmd_set_timeout_cmd_completer(void *data, > > + struct i2cp_controller *pdata, int receive_status, bool non_blocking) > > +{ > > + int ret; > > + struct i2cp_cmd_set_timeout_data *cmd_data; > > + > > + /* Abort if there were errors processing this command. */ > > + if (receive_status) > > + return 0; > > + > > + /* > > + * Acquire pdata->startstop_lock manually instead of using > > + * i2cp_adap_get_state() in order to keep the lock while setting the > > + * I2C adapter name. > > + */ > > + mutex_lock(&pdata->startstop_lock); > > + > > + if (pdata->startstop_state != I2CP_CTRLR_STATE_NEW) { > > + ret = -EISCONN; > > + goto unlock; > > + } > > + > > + cmd_data = data; > > + if (cmd_data->timeout_ms < I2CP_TIMEOUT_MS_MIN || > > + cmd_data->timeout_ms > I2CP_TIMEOUT_MS_MAX) { > > + ret = -ERANGE; > > + goto unlock; > > + } > > + > > + pdata->i2c_adapter.timeout = msecs_to_jiffies(cmd_data->timeout_ms); > > + ret = 0; > > + > > + unlock: > > + mutex_unlock(&pdata->startstop_lock); > > + return ret; > > +} > > + > > +/* Command names are matched in this order, so sort by expected frequency. */ > > +/* All elements should be initialized in their I2CP_CMD_*_IDX position. */ > > +static const struct i2cp_cmd i2cp_cmds[] = { > > + [I2CP_CMD_MXFER_REPLY_IDX] = { > > + .cmd_string = I2CP_MXFER_REPLY_CMD, > > + .cmd_size = CONST_STRLEN(I2CP_MXFER_REPLY_CMD), > > + .data_creator = i2cp_cmd_mxfer_reply_data_creator, > > + .data_shutdown = i2cp_cmd_mxfer_reply_data_shutdown, > > + .data_destroyer = i2cp_cmd_mxfer_reply_data_destroyer, > > + .header_receiver = i2cp_cmd_mxfer_reply_header_receiver, > > + .data_receiver = i2cp_cmd_mxfer_reply_data_receiver, > > + .cmd_completer = i2cp_cmd_mxfer_reply_cmd_completer, > > + }, > > + [I2CP_CMD_ADAP_START_IDX] = { > > + .cmd_string = I2CP_ADAP_START_CMD, > > + .cmd_size = CONST_STRLEN(I2CP_ADAP_START_CMD), > > + .header_receiver = i2cp_cmd_adap_start_header_receiver, > > + .data_receiver = i2cp_cmd_adap_start_data_receiver, > > + .cmd_completer = i2cp_cmd_adap_start_cmd_completer, > > + }, > > + [I2CP_CMD_ADAP_SHUTDOWN_IDX] = { > > + .cmd_string = I2CP_ADAP_SHUTDOWN_CMD, > > + .cmd_size = CONST_STRLEN(I2CP_ADAP_SHUTDOWN_CMD), > > + .header_receiver = i2cp_cmd_adap_shutdown_header_receiver, > > + .data_receiver = i2cp_cmd_adap_shutdown_data_receiver, > > + .cmd_completer = i2cp_cmd_adap_shutdown_cmd_completer, > > + }, > > + [I2CP_CMD_GET_NUMBER_IDX] = { > > + .cmd_string = I2CP_GET_NUMBER_CMD, > > + .cmd_size = CONST_STRLEN(I2CP_GET_NUMBER_CMD), > > + .header_receiver = i2cp_cmd_get_number_header_receiver, > > + .data_receiver = i2cp_cmd_get_number_data_receiver, > > + .cmd_completer = i2cp_cmd_get_number_cmd_completer, > > + }, > > + [I2CP_CMD_GET_PSEUDO_ID_IDX] = { > > + .cmd_string = I2CP_GET_PSEUDO_ID_CMD, > > + .cmd_size = CONST_STRLEN(I2CP_GET_PSEUDO_ID_CMD), > > + .header_receiver = i2cp_cmd_get_pseudo_id_header_receiver, > > + .data_receiver = i2cp_cmd_get_pseudo_id_data_receiver, > > + .cmd_completer = i2cp_cmd_get_pseudo_id_cmd_completer, > > + }, > > + [I2CP_CMD_SET_NAME_SUFFIX_IDX] = { > > + .cmd_string = I2CP_SET_NAME_SUFFIX_CMD, > > + .cmd_size = CONST_STRLEN(I2CP_SET_NAME_SUFFIX_CMD), > > + .data_creator = i2cp_cmd_set_name_suffix_data_creator, > > + .data_destroyer = i2cp_cmd_set_name_suffix_data_destroyer, > > + .header_receiver = i2cp_cmd_set_name_suffix_header_receiver, > > + .data_receiver = i2cp_cmd_set_name_suffix_data_receiver, > > + .cmd_completer = i2cp_cmd_set_name_suffix_cmd_completer, > > + }, > > + [I2CP_CMD_SET_TIMEOUT_IDX] = { > > + .cmd_string = I2CP_SET_TIMEOUT_CMD, > > + .cmd_size = CONST_STRLEN(I2CP_SET_TIMEOUT_CMD), > > + .data_creator = i2cp_cmd_set_timeout_data_creator, > > + .data_destroyer = i2cp_cmd_set_timeout_data_destroyer, > > + .header_receiver = i2cp_cmd_set_timeout_header_receiver, > > + .data_receiver = i2cp_cmd_set_timeout_data_receiver, > > + .cmd_completer = i2cp_cmd_set_timeout_cmd_completer, > > + }, > > +}; > > + > > +/* Returns whether or not there is response queue data to read. */ > > +/* Must be called with pdata->rsp_lock held. */ > > +static inline bool i2cp_poll_in(struct i2cp_controller *pdata) > > +{ > > + return pdata->rsp_invalidated || pdata->rsp_buf_remaining != 0 || > > + !list_empty(&pdata->read_rsp_queue_head); > > +} > > + > > +static inline int i2cp_fill_rsp_buf(struct i2cp_rsp *rsp_wrapper, > > + struct i2cp_rsp_buffer *rsp_buf, char *contents, size_t size) > > +{ > > + rsp_buf->buf = kmemdup(contents, size, GFP_KERNEL); > > + if (!rsp_buf->buf) > > + return -ENOMEM; > > + rsp_buf->size = size; > > + rsp_wrapper->data = rsp_buf; > > + rsp_wrapper->formatter = i2cp_rsp_buffer_formatter; > > + return 0; > > +} > > + > > +#define I2CP_FILL_RSP_BUF_WITH_LITERAL(rsp_wrapper, rsp_buf, str_literal)\ > > + i2cp_fill_rsp_buf(\ > > + rsp_wrapper, rsp_buf, str_literal, strlen(str_literal)) > > + > > +static int i2cp_adapter_master_xfer(struct i2c_adapter *adap, > > + struct i2c_msg *msgs, int num) > > +{ > > + int i, ret = 0; > > + long wait_ret; > > + size_t wrappers_length, wrapper_idx = 0, rsp_bufs_idx = 0; > > + struct i2cp_controller *pdata; > > + struct i2cp_rsp **rsp_wrappers; > > + struct i2cp_rsp_buffer *rsp_bufs[2] = {0}; > > + struct i2cp_rsp_master_xfer *mxfer_rsp; > > + struct i2cp_cmd_mxfer_reply_data *cmd_data; > > + struct i2cp_cmd_mxfer_reply *mxfer_reply; > > + > > + if (num <= 0) { > > + if (num < 0) > > + return -EINVAL; > > + return ret; > > + } > > + > > + pdata = adap->algo_data; > > + cmd_data = pdata->cmd_data[I2CP_CMD_MXFER_REPLY_IDX]; > > + > > + switch (i2cp_adap_get_state(pdata)) { > > + case I2CP_CTRLR_STATE_RUNNING: > > + break; > > + case I2CP_CTRLR_STATE_SHUTDN_REQ: > > + return ret; > > + default: > > + /* Reaching here is a bug, even with a valid enum value. */ > > + return -EINVAL; > > + } > > + > > + wrappers_length = (size_t)num + ARRAY_SIZE(rsp_bufs); > > + rsp_wrappers = kcalloc(wrappers_length, sizeof(*rsp_wrappers), > > + GFP_KERNEL); > > + if (!rsp_wrappers) > > + return -ENOMEM; > > + > > + mxfer_reply = kzalloc(sizeof(*mxfer_reply), GFP_KERNEL); > > + if (!mxfer_reply) { > > + ret = -ENOMEM; > > + goto return_after_rsp_wrappers_ptrs_alloc; > > + } > > + > > + mxfer_reply->num_msgs = num; > > + init_completion(&mxfer_reply->data_filled); > > + mutex_init(&mxfer_reply->lock); > > + > > + mxfer_reply->msgs = kcalloc(num, sizeof(*mxfer_reply->msgs), > > + GFP_KERNEL); > > + if (!mxfer_reply->msgs) { > > + ret = -ENOMEM; > > + goto return_after_mxfer_reply_alloc; > > + } > > + > > + mxfer_reply->completed = kcalloc(num, sizeof(*mxfer_reply->completed), > > + GFP_KERNEL); > > + if (!mxfer_reply->completed) { > > + ret = -ENOMEM; > > + goto return_after_reply_msgs_alloc; > > + } > > + > > + for (i = 0; i < num; ++i) { > > + mxfer_reply->msgs[i].addr = msgs[i].addr; > > + mxfer_reply->msgs[i].flags = msgs[i].flags; > > + mxfer_reply->msgs[i].len = msgs[i].len; > > + if (msgs[i].flags & I2C_M_RD) > > + /* Copy the address, not the data. */ > > + mxfer_reply->msgs[i].buf = msgs[i].buf; > > + } > > + > > + for (i = 0; i < ARRAY_SIZE(rsp_bufs); ++i) { > > + rsp_bufs[i] = kzalloc(sizeof(*rsp_bufs[i]), GFP_KERNEL); > > + if (!rsp_bufs[i]) { > > + ret = -ENOMEM; > > + goto return_after_reply_completed_alloc; > > + } > > + } > > + > > + mxfer_rsp = kzalloc(sizeof(*mxfer_rsp), GFP_KERNEL); > > + if (!mxfer_rsp) { > > + ret = -ENOMEM; > > + goto fail_after_individual_rsp_bufs_alloc; > > + } > > + > > + mxfer_rsp->id = cmd_data->next_mxfer_id++; > > + mxfer_rsp->num = num; > > + > > + mxfer_rsp->msgs = kcalloc(num, sizeof(*mxfer_rsp->msgs), GFP_KERNEL); > > + if (!mxfer_rsp->msgs) { > > + ret = -ENOMEM; > > + goto fail_after_mxfer_rsp_alloc; > > + } > > + > > + for (i = 0; i < num; ++i) { > > + mxfer_rsp->msgs[i].addr = msgs[i].addr; > > + mxfer_rsp->msgs[i].flags = msgs[i].flags; > > + mxfer_rsp->msgs[i].len = msgs[i].len; > > + if (msgs[i].flags & I2C_M_RD) > > + continue; > > + /* Copy the data, not the address. */ > > + mxfer_rsp->msgs[i].buf = kmemdup(msgs[i].buf, msgs[i].len, > > + GFP_KERNEL); > > + if (!mxfer_rsp->msgs[i].buf) { > > + ret = -ENOMEM; > > + goto fail_after_rsp_msgs_alloc; > > + } > > + } > > + > > + for (i = 0; i < wrappers_length; ++i) { > > + rsp_wrappers[i] = kzalloc(sizeof(*rsp_wrappers[i]), GFP_KERNEL); > > + if (!rsp_wrappers[i]) { > > + ret = -ENOMEM; > > + goto fail_after_individual_rsp_wrappers_alloc; > > + } > > + } > > + > > + ret = I2CP_FILL_RSP_BUF_WITH_LITERAL(rsp_wrappers[wrapper_idx++], > > + rsp_bufs[rsp_bufs_idx++], I2CP_BEGIN_MXFER_REQ_CMD); > > + if (ret < 0) > > + goto fail_after_individual_rsp_wrappers_alloc; > > + > > + for (i = 0; i < num; ++i) { > > + rsp_wrappers[wrapper_idx]->data = mxfer_rsp; > > + rsp_wrappers[wrapper_idx++]->formatter = > > + i2cp_rsp_master_xfer_formatter; > > + } > > + > > + ret = I2CP_FILL_RSP_BUF_WITH_LITERAL(rsp_wrappers[wrapper_idx++], > > + rsp_bufs[rsp_bufs_idx++], I2CP_COMMIT_MXFER_REQ_CMD); > > + if (ret < 0) > > + goto fail_after_individual_rsp_wrappers_alloc; > > + > > + BUILD_BUG_ON(rsp_bufs_idx != ARRAY_SIZE(rsp_bufs)); > > + > > + mutex_lock(&pdata->read_rsp_queue_lock); > > + if (pdata->read_rsp_queue_length >= I2CP_CTRLR_RSP_QUEUE_LIMIT) { > > + ret = -ENOBUFS; > > + goto fail_with_read_rsp_queue_lock; > > + } > > + > > + mutex_lock(&cmd_data->reply_queue_lock); > > + if (cmd_data->reply_queue_length >= I2CP_CTRLR_RSP_QUEUE_LIMIT) { > > + ret = -ENOBUFS; > > + goto fail_with_reply_queue_lock; > > + } > > + > > + mxfer_reply->id = mxfer_rsp->id; > > + list_add_tail(&mxfer_reply->reply_queue_item, > > + &cmd_data->reply_queue_head); > > + ++cmd_data->reply_queue_length; > > + > > + for (i = 0; i < wrappers_length; ++i) { > > + list_add_tail(&rsp_wrappers[i]->queue, > > + &pdata->read_rsp_queue_head); > > + complete(&pdata->read_rsp_queued); > > + } > > + pdata->read_rsp_queue_length += wrappers_length; > > + > > + mutex_unlock(&cmd_data->reply_queue_lock); > > + mutex_unlock(&pdata->read_rsp_queue_lock); > > + > > + /* Wake up the userspace controller if it was polling. */ > > + wake_up_interruptible(&pdata->poll_wait_queue); > > + /* Wait for a response from the userspace controller. */ > > + wait_ret = wait_for_completion_killable_timeout( > > + &mxfer_reply->data_filled, adap->timeout); > > + > > + mutex_lock(&cmd_data->reply_queue_lock); > > + /* > > + * Ensure mxfer_reply is not in use before dequeuing and freeing it. > > + * This depends on the requirement that mxfer_reply->lock only be > > + * acquired while holding cmd_data->reply_queue_lock. > > + */ > > + mutex_lock(&mxfer_reply->lock); > > + > > + if (wait_ret == -ERESTARTSYS) > > + ret = -EINTR; > > + else if (wait_ret < 0) > > + ret = wait_ret; > > + else > > + ret = mxfer_reply->ret; > > + > > + /* > > + * This depends on other functions that might delete > > + * mxfer_reply->reply_queue_item from cmd_data->reply_queue_head using > > + * list_del_init(), never list_del(). > > + */ > > + if (!list_empty(&mxfer_reply->reply_queue_item)) { > > + list_del(&mxfer_reply->reply_queue_item); > > + --cmd_data->reply_queue_length; > > + if (mxfer_reply == cmd_data->reply_queue_current_item) > > + cmd_data->reply_queue_current_item = NULL; > > + } > > + > > + mutex_unlock(&mxfer_reply->lock); > > + mutex_unlock(&cmd_data->reply_queue_lock); > > + goto return_after_reply_msgs_alloc; > > + > > + fail_with_reply_queue_lock: > > + mutex_unlock(&cmd_data->reply_queue_lock); > > + fail_with_read_rsp_queue_lock: > > + mutex_unlock(&pdata->read_rsp_queue_lock); > > + fail_after_individual_rsp_wrappers_alloc: > > + for (i = 0; i < wrappers_length; ++i) > > + kfree(rsp_wrappers[i]); > > + fail_after_rsp_msgs_alloc: > > + for (i = 0; i < num; ++i) > > + kfree(mxfer_rsp->msgs[i].buf); > > + kfree(mxfer_rsp->msgs); > > + fail_after_mxfer_rsp_alloc: > > + kfree(mxfer_rsp); > > + fail_after_individual_rsp_bufs_alloc: > > + for (i = 0; i < ARRAY_SIZE(rsp_bufs); ++i) { > > + kfree(rsp_bufs[i]->buf); > > + kfree(rsp_bufs[i]); > > + } > > + return_after_reply_completed_alloc: > > + kfree(mxfer_reply->completed); > > + return_after_reply_msgs_alloc: > > + kfree(mxfer_reply->msgs); > > + return_after_mxfer_reply_alloc: > > + kfree(mxfer_reply); > > + return_after_rsp_wrappers_ptrs_alloc: > > + kfree(rsp_wrappers); > > + return ret; > > +} > > + > > +/* > > + * If more functionality than this needs to be supported, add a write command > > + * for the controller to specify its additional functionality prior to > > + * ADAPTER_START. Basic I2C functionality should remain implied and required. > > + * > > + * These functionalities in particular could be worth supporting: > > + * I2C_FUNC_10BIT_ADDR > > + * I2C_FUNC_NOSTART > > + * I2C_FUNC_PROTOCOL_MANGLING > > + */ > > +static u32 i2cp_adapter_functionality(struct i2c_adapter *adap) > > +{ > > + return I2C_FUNC_I2C | I2C_FUNC_SMBUS_EMUL; > > +} > > + > > +static const struct i2c_algorithm i2cp_algorithm = { > > + .master_xfer = i2cp_adapter_master_xfer, > > + .functionality = i2cp_adapter_functionality, > > +}; > > + > > +/* this_pseudo->counters.lock must _not_ be held when calling this. */ > > +static void i2cp_remove_from_counters(struct i2cp_controller *pdata, > > + struct i2cp_device *this_pseudo) > > +{ > > + > > + mutex_lock(&this_pseudo->counters.lock); > > + this_pseudo->counters.all_controllers[pdata->index] = NULL; > > + --this_pseudo->counters.count; > > + mutex_unlock(&this_pseudo->counters.lock); > > +} > > + > > +static int i2cp_cdev_open(struct inode *inodep, struct file *filep) > > +{ > > + int ret = 0; > > + unsigned int i, num_cmd_data_created = 0; > > + unsigned int ctrlr_id; > > + struct i2cp_controller *pdata; > > + struct i2cp_device *this_pseudo; > > + > > + /* Is there any way to find this through @inodep? */ > > + this_pseudo = i2cp_device; > > + > > + /* I2C pseudo adapter controllers are not seekable. */ > > + stream_open(inodep, filep); > > + /* Refuse fsnotify events. Modeled after /dev/ptmx implementation. */ > > + filep->f_mode |= FMODE_NONOTIFY; > > + > > + /* Allocate the I2C adapter. */ > > + pdata = kzalloc(sizeof(*pdata), GFP_KERNEL); > > + if (!pdata) > > + return -ENOMEM; > > + > > + INIT_LIST_HEAD(&pdata->read_rsp_queue_head); > > + init_waitqueue_head(&pdata->poll_wait_queue); > > + init_completion(&pdata->read_rsp_queued); > > + mutex_init(&pdata->startstop_lock); > > + mutex_init(&pdata->cmd_lock); > > + mutex_init(&pdata->rsp_lock); > > + mutex_init(&pdata->read_rsp_queue_lock); > > + > > + for (i = 0; i < ARRAY_SIZE(i2cp_cmds); ++i) { > > + if (!i2cp_cmds[i].data_creator) > > + continue; > > + ret = i2cp_cmds[i].data_creator(&pdata->cmd_data[i]); > > + if (ret < 0) > > + break; > > + } > > + num_cmd_data_created = i; > > + if (ret < 0) > > + goto fail_after_cmd_data_created; > > + > > + mutex_lock(&this_pseudo->counters.lock); > > + > > + for (i = 0; i < i2cp_limit; ++i) > > + if (!this_pseudo->counters.all_controllers[i]) > > + break; > > + if (i >= i2cp_limit) { > > + mutex_unlock(&this_pseudo->counters.lock); > > + ret = -ENOSPC; > > + goto fail_after_cmd_data_created; > > + } > > + pdata->index = i; > > + > > + for (ctrlr_id = this_pseudo->counters.next_ctrlr_id;;) { > > + /* Determine whether ctrlr_id is already in use. */ > > + for (i = 0; i < i2cp_limit; ++i) { > > + if (this_pseudo->counters.all_controllers[i] && > > + (this_pseudo->counters.all_controllers[i]->id == > > + ctrlr_id)) > > + break; > > + } > > + /* If ctrlr_id is available, use it. */ > > + if (i >= i2cp_limit) { > > + pdata->id = ctrlr_id; > > + this_pseudo->counters.next_ctrlr_id = ctrlr_id + 1; > > + ++this_pseudo->counters.count; > > + this_pseudo->counters.all_controllers[pdata->index] = > > + pdata; > > + break; > > + } > > + /* Increment ctrlr_id, and check for wrapping. */ > > + if (++ctrlr_id == this_pseudo->counters.next_ctrlr_id) { > > + mutex_unlock(&this_pseudo->counters.lock); > > + ret = -ENOSPC; > > + goto fail_after_cmd_data_created; > > + } > > + } > > + > > + mutex_unlock(&this_pseudo->counters.lock); > > + > > + /* Initialize the I2C adapter. */ > > + pdata->i2c_adapter.owner = THIS_MODULE; > > + pdata->i2c_adapter.class = I2C_CLASS_HWMON | I2C_CLASS_SPD; > > + pdata->i2c_adapter.algo = &i2cp_algorithm; > > + pdata->i2c_adapter.algo_data = pdata; > > + pdata->i2c_adapter.timeout = msecs_to_jiffies(i2cp_default_timeout_ms); > > + pdata->i2c_adapter.dev.parent = &this_pseudo->device; > > + ret = snprintf(pdata->i2c_adapter.name, sizeof(pdata->i2c_adapter.name), > > + "I2C pseudo ID %u", pdata->id); > > + if (ret < 0) > > + goto fail_after_counters_update; > > + > > + /* Return success. */ > > + filep->private_data = pdata; > > + return 0; > > + > > + fail_after_counters_update: > > + i2cp_remove_from_counters(pdata, this_pseudo); > > + fail_after_cmd_data_created: > > + for (i = 0; i < num_cmd_data_created; ++i) > > + if (i2cp_cmds[i].data_destroyer) > > + i2cp_cmds[i].data_destroyer(pdata->cmd_data[i]); > > + kfree(pdata); > > + return ret; > > +} > > + > > +static int i2cp_cdev_release(struct inode *inodep, struct file *filep) > > +{ > > + int i; > > + bool adapter_was_added = false; > > + struct i2cp_controller *pdata; > > + struct i2cp_device *this_pseudo; > > + > > + pdata = filep->private_data; > > + this_pseudo = container_of(pdata->i2c_adapter.dev.parent, > > + struct i2cp_device, device); > > + > > + /* > > + * The select(2) man page makes it clear that the behavior of pending > > + * select()/poll()/epoll_wait() on a fd that gets closed while waiting > > + * is undefined and should never be relied on. However since we are > > + * about to free pdata and therefore free pdata->poll_wait_queue, safest > > + * to wake up anyone waiting on it in an attempt to not leave them in a > > + * completely undefined state. > > + */ > > + wake_up_interruptible_all(&pdata->poll_wait_queue); > > + /* > > + * Linux guarantees there are no outstanding reads or writes when a > > + * struct file is released, so no further synchronization with the other > > + * struct file_operations callbacks should be needed. > > + */ > > + filep->private_data = NULL; > > + > > + mutex_lock(&pdata->startstop_lock); > > + if (pdata->startstop_state != I2CP_CTRLR_STATE_NEW) { > > + /* > > + * Defer deleting the adapter until after releasing > > + * pdata->startstop_state. This avoids deadlocking with any > > + * overlapping i2cp_adapter_master_xfer() calls, which also > > + * acquire the lock in order to check the state. > > + */ > > + adapter_was_added = true; > > + /* > > + * Instruct any overlapping i2cp_adapter_master_xfer() calls to > > + * return immediately. > > + */ > > + pdata->startstop_state = I2CP_CTRLR_STATE_SHUTDN_REQ; > > + } > > + mutex_unlock(&pdata->startstop_lock); > > + > > + /* > > + * Wake up blocked I2C requests. This is an optimization so that they > > + * don't need to wait for the I2C adapter timeout, since there is no > > + * possibility of any further I2C replies. > > + */ > > + for (i = 0; i < ARRAY_SIZE(i2cp_cmds); ++i) > > + if (i2cp_cmds[i].data_shutdown) > > + i2cp_cmds[i].data_shutdown(pdata->cmd_data[i]); > > + > > + if (adapter_was_added) > > + i2c_del_adapter(&pdata->i2c_adapter); > > + > > + for (i = 0; i < ARRAY_SIZE(i2cp_cmds); ++i) { > > + if (i2cp_cmds[i].data_destroyer) > > + i2cp_cmds[i].data_destroyer(pdata->cmd_data[i]); > > + pdata->cmd_data[i] = NULL; > > + } > > + > > + i2cp_remove_from_counters(pdata, this_pseudo); > > + kfree(pdata); > > + return 0; > > +} > > + > > +/* The caller must hold pdata->rsp_lock. */ > > +/* Return value is whether or not to continue in calling loop. */ > > +static bool i2cp_cdev_read_iteration(char __user **buf, size_t *count, > > + ssize_t *ret, bool non_blocking, struct i2cp_controller *pdata) > > +{ > > + long wait_ret; > > + ssize_t copy_size; > > + unsigned long copy_ret; > > + struct i2cp_rsp *rsp_wrapper = NULL; > > + > > + /* > > + * If a previous read response buffer has been exhausted, free > > + * it. > > + * > > + * This is done at the beginning of the while(count>0) loop > > + * because...? > > + */ > > + if (pdata->rsp_buf_start && !pdata->rsp_buf_remaining) { > > + kfree(pdata->rsp_buf_start); > > + pdata->rsp_buf_start = NULL; > > + pdata->rsp_buf_pos = NULL; > > + } > > + > > + /* > > + * If we have no formatter callback output queued (neither > > + * successful output nor error), go through the FIFO queue of > > + * read responses until a formatter returns non-zero (successful > > + * output or failure). > > + */ > > + while (pdata->rsp_buf_remaining == 0) { > > + /* > > + * If pdata->rsp_invalidated is true, it means the > > + * previous read() returned an error. Now that the > > + * error has already been propagated to userspace, we > > + * can write the end character for the invalidated read > > + * response. > > + */ > > + if (pdata->rsp_invalidated) { > > + pdata->rsp_invalidated = false; > > + goto write_end_char; > > + } > > + > > + /* If we have already read some bytes successfully, even > > + * if less than requested, we should return as much as > > + * we can without blocking further. Same if we have an > > + * error to return. > > + */ > > + if (non_blocking || *ret != 0) { > > + if (!try_wait_for_completion(&pdata->read_rsp_queued)) { > > + if (*ret == 0) > > + *ret = -EAGAIN; > > + /* > > + * If we are out of read responses, > > + * return whatever we have written to > > + * the userspace buffer so far, even if > > + * it's nothing. > > + */ > > + return false; > > + } > > + } else { > > + wait_ret = wait_for_completion_killable( > > + &pdata->read_rsp_queued); > > + if (wait_ret == -ERESTARTSYS) { > > + if (*ret == 0) > > + *ret = -EINTR; > > + return false; > > + } else if (wait_ret < 0) { > > + if (*ret == 0) > > + *ret = wait_ret; > > + return false; > > + } > > + } > > + > > + mutex_lock(&pdata->read_rsp_queue_lock); > > + if (!list_empty(&pdata->read_rsp_queue_head)) > > + rsp_wrapper = list_first_entry( > > + &pdata->read_rsp_queue_head, > > + struct i2cp_rsp, queue); > > + /* > > + * Avoid holding pdata->read_rsp_queue_lock while > > + * executing a formatter, allocating memory, or doing > > + * anything else that might block or take non-trivial > > + * time. This avoids blocking the enqueuing of new read > > + * responses for any significant time, even during large > > + * controller reads. > > + */ > > + mutex_unlock(&pdata->read_rsp_queue_lock); > > + > > + if (!rsp_wrapper) { > > + /* This should only happen if shutdown was requested. */ > > + if (i2cp_adap_get_state(pdata) != > > + I2CP_CTRLR_STATE_SHUTDN_REQ) > > + *ret = -EINVAL; > > + return false; > > + } > > + > > + pdata->rsp_buf_remaining = rsp_wrapper->formatter( > > + rsp_wrapper->data, &pdata->rsp_buf_start); > > + > > + if (pdata->rsp_buf_remaining > 0) { > > + pdata->rsp_buf_pos = pdata->rsp_buf_start; > > + /* > > + * We consumed a completion for this rsp_wrapper > > + * but we are leaving it in > > + * pdata->read_rsp_queue_head. Re-add a > > + * completion for it. > > + * > > + * Since overlapping reads are effectively > > + * serialized via use of pdata->rsp_lock, we > > + * could take shortcuts in how > > + * pdata->read_rsp_queued is used to avoid the > > + * need for re-incrementing it here. However by > > + * maintaining the invariant of consuming a > > + * completion each time an item from > > + * pdata->read_rsp_queue_head is consumed > > + * (whether or not it ends up being removed from > > + * the queue in that iteration), the completion > > + * logic is simpler to follow, and more easily > > + * lends itself to a future refactor of this > > + * read operation to not hold pdata->rsp_lock > > + * continuously. > > + */ > > + complete(&pdata->read_rsp_queued); > > + break; > > + } > > + > > + /* > > + * The formatter should not mutate pdata->rsp_buf_start > > + * if it returned non-positive. Just in case, we handle > > + * such a bug gracefully here. > > + */ > > + kfree(pdata->rsp_buf_start); > > + pdata->rsp_buf_start = NULL; > > + > > + mutex_lock(&pdata->read_rsp_queue_lock); > > + list_del(&rsp_wrapper->queue); > > + --pdata->read_rsp_queue_length; > > + mutex_unlock(&pdata->read_rsp_queue_lock); > > + > > + kfree(rsp_wrapper); > > + rsp_wrapper = NULL; > > + > > + /* Check if the formatter callback returned an error. > > + * > > + * If we have _not_ written any bytes to the userspace > > + * buffer yet, return now with the error code from the > > + * formatter. > > + * > > + * If we _have_ written bytes already, return now with > > + * the number of bytes written, and leave the error code > > + * from the formatter in pdata->rsp_buf_remaining so it > > + * can be returned on the next read, before any bytes > > + * are written. > > + * > > + * In either case, we deliberately return the error > > + * before writing the end character for the invalidated > > + * read response, so that the userspace controller knows > > + * to discard the response. > > + */ > > + if (pdata->rsp_buf_remaining < 0) { > > + if (*ret == 0) { > > + *ret = pdata->rsp_buf_remaining; > > + pdata->rsp_buf_remaining = 0; > > + } > > + pdata->rsp_invalidated = true; > > + return false; > > + } > > + > > + write_end_char: > > + copy_size = sizeof(i2cp_ctrlr_end_char); > > + /* > > + * This assertion is just in case someone changes > > + * i2cp_ctrlr_end_char to a string. Such a change would require > > + * handling it like a read response buffer, including ensuring > > + * that we not write more than *count. So long as it's a single > > + * character, we can avoid an extra check of *count in this code > > + * block, we already know it's greater than zero. > > + */ > > + BUILD_BUG_ON(copy_size != 1); > > + copy_ret = copy_to_user(*buf, &i2cp_ctrlr_end_char, > > + copy_size); > > + copy_size -= copy_ret; > > + /* > > + * After writing to the userspace buffer, we need to > > + * update various counters including the return value, > > + * then continue from the start of the outer while loop > > + * because it's possible *count has reached zero. > > + * > > + * Those exact same steps must be done after copying > > + * from a read response buffer to the userspace buffer, > > + * so jump to that code instead of duplicating it. > > + */ > > + goto after_copy_to_user; > > + } > > + > > + copy_size = max_t(ssize_t, 0, > > + min_t(ssize_t, *count, pdata->rsp_buf_remaining)); > > + copy_ret = copy_to_user(*buf, pdata->rsp_buf_pos, copy_size); > > + copy_size -= copy_ret; > > + pdata->rsp_buf_remaining -= copy_size; > > + > > + if (pdata->rsp_buf_remaining > 0) { > > + pdata->rsp_buf_pos += copy_size; > > + } else { > > + kfree(pdata->rsp_buf_start); > > + pdata->rsp_buf_start = NULL; > > + pdata->rsp_buf_pos = NULL; > > + } > > + > > + /* > > + * When jumping here, the following variables should be set: > > + * copy_ret: Return value from copy_to_user() (bytes not copied). > > + * copy_size: The number of bytes successfully copied by copy_to_user(). In > > + * other words, this should be the size arg to copy_to_user() minus its > > + * return value (bytes not copied). > > + */ > > + after_copy_to_user: > > + *ret += copy_size; > > + *count -= copy_size; > > + *buf += copy_size; > > + > > + return !copy_ret; > > +} > > + > > +static ssize_t i2cp_cdev_read(struct file *filep, char __user *buf, > > + size_t count, loff_t *f_ps) > > +{ > > + ssize_t ret = 0; > > + bool non_blocking; > > + struct i2cp_controller *pdata; > > + > > + /* > > + * Just in case this could change out from under us, best to keep a > > + * consistent view for the duration of this syscall. > > + */ > > + non_blocking = !!(filep->f_flags & O_NONBLOCK); > > + pdata = filep->private_data; > > + > > + if (count > (size_t)I2CP_RW_SIZE_LIMIT) > > + count = I2CP_RW_SIZE_LIMIT; > > + > > + /* > > + * Since read() calls are effectively serialized by way of > > + * pdata->rsp_lock, we MUST NOT block on obtaining that lock if in > > + * non-blocking mode, because it might be held by a blocking read(). > > + */ > > + if (!non_blocking) > > + mutex_lock(&pdata->rsp_lock); > > + else if (!mutex_trylock(&pdata->rsp_lock)) > > + return -EAGAIN; > > + > > + /* > > + * Check if a formatter callback returned an error that hasn't yet been > > + * returned to the controller. Do this before the while(count>0) loop > > + * because read(2) with zero count is allowed to report errors. > > + */ > > + if (pdata->rsp_buf_remaining < 0) { > > + BUILD_BUG_ON(ret != 0); > > + ret = pdata->rsp_buf_remaining; > > + pdata->rsp_buf_remaining = 0; > > + goto unlock; > > + } > > + > > + while (count > 0 && i2cp_cdev_read_iteration( > > + &buf, &count, &ret, non_blocking, pdata)) > > + ; > > + > > + unlock: > > + mutex_unlock(&pdata->rsp_lock); > > + return ret; > > +} > > + > > +/* Must be called with pdata->cmd_lock held. */ > > +/* Must never consume past first i2cp_ctrlr_end_char in @start. */ > > +static ssize_t i2cp_receive_ctrlr_cmd_header( > > + struct i2cp_controller *pdata, char *start, size_t remaining, > > + bool non_blocking) > > +{ > > + int found_deliminator_char = 0; > > + int i, cmd_idx; > > + ssize_t copy_size, ret = 0, stop, buf_remaining; > > + > > + buf_remaining = I2CP_CTRLR_CMD_LIMIT - pdata->cmd_size; > > + stop = min_t(ssize_t, remaining, buf_remaining + 1); > > + > > + for (i = 0; i < stop; ++i) > > + if (start[i] == i2cp_ctrlr_end_char || > > + start[i] == i2cp_ctrlr_header_sep_char) { > > + found_deliminator_char = 1; > > + break; > > + } > > + > > + if (i <= buf_remaining) { > > + copy_size = i; > > + } else { > > + copy_size = buf_remaining; > > + if (!pdata->cmd_receive_status) > > + /* > > + * Exceeded max size of I2C pseudo controller command > > + * buffer. The command currently being written will be > > + * ignored. > > + * > > + * Positive error number is deliberate here. > > + */ > > + pdata->cmd_receive_status = ENOBUFS; > > + } > > + > > + memcpy(&pdata->cmd_buf[pdata->cmd_size], start, copy_size); > > + pdata->cmd_size += copy_size; > > + > > + if (!found_deliminator_char || pdata->cmd_size <= 0) > > + return copy_size + found_deliminator_char; > > + > > + /* This may be negative. */ > > + cmd_idx = pdata->cmd_idx_plus_one - 1; > > + > > + if (cmd_idx < 0) { > > + for (i = 0; i < ARRAY_SIZE(i2cp_cmds); ++i) > > + if (i2cp_cmds[i].cmd_size == pdata->cmd_size && > > + !memcmp(i2cp_cmds[i].cmd_string, pdata->cmd_buf, > > + pdata->cmd_size)) > > + break; > > + if (i >= ARRAY_SIZE(i2cp_cmds)) { > > + /* unrecognized command */ > > + ret = -EIO; > > + goto clear_buffer; > > + } > > + cmd_idx = i; > > + pdata->cmd_idx_plus_one = cmd_idx + 1; > > + } > > + > > + /* > > + * If we have write bytes queued and we encountered i2cp_ctrlr_end_char > > + * or i2cp_ctrlr_header_sep_char, invoke the header_receiver callback. > > + */ > > + if (!pdata->cmd_receive_status) { > > + ret = i2cp_cmds[cmd_idx].header_receiver( > > + pdata->cmd_data[cmd_idx], pdata->cmd_buf, > > + pdata->cmd_size, non_blocking); > > + if (ret > 0) { > > + if (ret > I2CP_CTRLR_CMD_LIMIT) { > > + ret = -EINVAL; > > + goto clear_buffer; > > + } > > + pdata->cmd_data_increment = ret; > > + } else if (ret < 0) { > > + pdata->cmd_receive_status = ret; > > + } > > + } > > + > > + clear_buffer: > > + pdata->cmd_size = 0; > > + /* > > + * Ensure a trailing null character for the next header_receiver() or > > + * data_receiver() invocation. > > + */ > > + memset(pdata->cmd_buf, 0, sizeof(pdata->cmd_buf)); > > + > > + if (ret < 0) { > > + if (pdata->cmd_idx_plus_one >= 1 && !pdata->cmd_receive_status) > > + /* Negate to get a positive error number. */ > > + pdata->cmd_receive_status = -ret; > > + return ret; > > + } > > + return copy_size + found_deliminator_char; > > +} > > + > > +/* Must be called with pdata->cmd_lock held. */ > > +/* Must never consume past first i2cp_ctrlr_end_char in @start. */ > > +static ssize_t i2cp_receive_ctrlr_cmd_data(struct i2cp_controller *pdata, > > + char *start, size_t remaining, bool non_blocking) > > +{ > > + ssize_t i, ret, size_holder; > > + int cmd_idx; > > + > > + /* If cmd_idx ends up negative here, it is a bug. */ > > + cmd_idx = pdata->cmd_idx_plus_one - 1; > > + if (cmd_idx < 0) > > + return -EINVAL; > > + > > + size_holder = min_t(size_t, > > + (I2CP_CTRLR_CMD_LIMIT - > > + (I2CP_CTRLR_CMD_LIMIT % pdata->cmd_data_increment)) - > > + pdata->cmd_size, > > + (((pdata->cmd_size + remaining) / > > + pdata->cmd_data_increment) * > > + pdata->cmd_data_increment) - pdata->cmd_size); > > + > > + /* Size of current buffer plus all remaining write bytes. */ > > + size_holder = pdata->cmd_size + remaining; > > + /* > > + * Avoid rounding down to zero. If there are insufficient write > > + * bytes remaining to grow the buffer to 1x of the requested > > + * data byte increment, we'll copy what is available to the > > + * buffer, and just leave it queued without any further command > > + * handler invocations in this write() (unless i2cp_ctrlr_end_char is > > + * found, in which case we will always invoke the data_receiver for any > > + * remaining data bytes, and will always invoke the cmd_completer). > > + */ > > + if (size_holder > pdata->cmd_data_increment) > > + /* > > + * Round down to the nearest multiple of the requested > > + * data byte increment. > > + */ > > + size_holder -= size_holder % pdata->cmd_data_increment; > > + /* > > + * Take the smaller of: > > + * > > + * [A] 2nd min_t() arg: The number of bytes that we would want the > > + * buffer to end up with if it had unlimited space (computed > > + * above). > > + * > > + * [B] 3rd min_t() arg: The number of bytes that we would want the > > + * buffer to end up with if there were unlimited write bytes > > + * remaining (computed in-line below). > > + */ > > + size_holder = min_t(ssize_t, size_holder, (I2CP_CTRLR_CMD_LIMIT - ( > > + I2CP_CTRLR_CMD_LIMIT % pdata->cmd_data_increment))); > > + /* > > + * Subtract the existing buffer size to get the number of bytes we > > + * actually want to copy from the remaining write bytes in this loop > > + * iteration, assuming no i2cp_ctrlr_end_char. > > + */ > > + size_holder -= pdata->cmd_size; > > + > > + /* > > + * Look for i2cp_ctrlr_end_char. If we find it, we will copy up to but > > + * *not* including its position. > > + */ > > + for (i = 0; i < size_holder; ++i) > > + if (start[i] == i2cp_ctrlr_end_char) > > + break; > > + > > + /* Copy from the remaining write bytes to the command buffer. */ > > + memcpy(&pdata->cmd_buf[pdata->cmd_size], start, i); > > + pdata->cmd_size += i; > > + > > + /* > > + * If we have write bytes queued and *either* we encountered > > + * i2cp_ctrlr_end_char *or* we have a multiple of > > + * pdata->cmd_data_increment, invoke the data_receiver callback. > > + */ > > + if (pdata->cmd_size > 0 && > > + (i < size_holder || > > + pdata->cmd_size % pdata->cmd_data_increment == 0)) { > > + if (!pdata->cmd_receive_status) { > > + ret = i2cp_cmds[cmd_idx].data_receiver( > > + pdata->cmd_data[cmd_idx], pdata->cmd_buf, > > + pdata->cmd_size, non_blocking); > > + if (ret < 0) > > + pdata->cmd_receive_status = ret; > > + } > > + pdata->cmd_size = 0; > > + /* > > + * Ensure a trailing null character for the next > > + * header_receiver() or data_receiver() invocation. > > + */ > > + memset(pdata->cmd_buf, 0, sizeof(pdata->cmd_buf)); > > + } > > + > > + /* If i2cp_ctrlr_end_char was found, skip past it. */ > > + if (i < size_holder) > > + ++i; > > + return i; > > +} > > + > > +/* Must be called with pdata->cmd_lock held. */ > > +static int i2cp_receive_ctrlr_cmd_complete(struct i2cp_controller *pdata, > > + bool non_blocking) > > +{ > > + int ret = 0, cmd_idx; > > + > > + /* This may be negative. */ > > + cmd_idx = pdata->cmd_idx_plus_one - 1; > > + > > + if (cmd_idx >= 0 && i2cp_cmds[cmd_idx].cmd_completer) { > > + ret = i2cp_cmds[cmd_idx].cmd_completer(pdata->cmd_data[cmd_idx], > > + pdata, pdata->cmd_receive_status, non_blocking); > > + if (ret > 0) > > + ret = 0; > > + } > > + > > + pdata->cmd_idx_plus_one = 0; > > + pdata->cmd_receive_status = 0; > > + pdata->cmd_data_increment = 0; > > + > > + pdata->cmd_size = 0; > > + /* > > + * Ensure a trailing null character for the next header_receiver() or > > + * data_receiver() invocation. > > + */ > > + memset(pdata->cmd_buf, 0, sizeof(pdata->cmd_buf)); > > + > > + return ret; > > +} > > + > > +static ssize_t i2cp_cdev_write(struct file *filep, const char __user *buf, > > + size_t count, loff_t *f_ps) > > +{ > > + ssize_t ret = 0; > > + bool non_blocking; > > + size_t remaining; > > + char *kbuf, *start; > > + struct i2cp_controller *pdata; > > + > > + /* > > + * Just in case this could change out from under us, best to keep a > > + * consistent view for the duration of this syscall. > > + * > > + * Write command implementations, i.e. struct i2cp_cmd implementations, > > + * do NOT have to support blocking writes. For example, if a write of > > + * an I2C message reply is received for a message that the pseudo > > + * adapter never requested or expected, it makes more sense to indicate > > + * an error than to block until possibly receiving a master_xfer request > > + * for that I2C message, even if blocking is permitted. > > + * > > + * Furthermore, controller writes MUST NEVER block indefinitely, even > > + * when non_blocking is false. E.g. while non_blocking may be used to > > + * select between mutex_trylock and mutex_lock*, even in the > > + * latter case the lock should never be blocked on I/O, on userspace, or > > + * on anything else outside the control of this driver. It IS > > + * permissable for the lock to be blocked on processing of previous or > > + * concurrent write input, so long as that processing does not violate > > + * these rules. > > + */ > > + non_blocking = !!(filep->f_flags & O_NONBLOCK); > > + pdata = filep->private_data; > > + > > + if (count > (size_t)I2CP_RW_SIZE_LIMIT) > > + count = I2CP_RW_SIZE_LIMIT; > > + > > + kbuf = kzalloc(count, GFP_KERNEL); > > + if (!kbuf) { > > + ret = -ENOMEM; > > + goto free_kbuf; > > + } > > + if (copy_from_user(kbuf, buf, count)) { > > + ret = -EFAULT; > > + goto free_kbuf; > > + } > > + > > + start = kbuf; > > + remaining = count; > > + > > + /* > > + * Since write() calls are effectively serialized by way of > > + * pdata->cmd_lock, we MUST NOT block on obtaining that lock if in > > + * non-blocking mode, because it might be held by a blocking write(). > > + */ > > + if (!non_blocking) { > > + mutex_lock(&pdata->cmd_lock); > > + } else if (!mutex_trylock(&pdata->cmd_lock)) { > > + ret = -EAGAIN; > > + goto free_kbuf; > > + } > > + > > + while (remaining) { > > + if (pdata->cmd_data_increment <= 0) > > + ret = i2cp_receive_ctrlr_cmd_header( > > + pdata, start, remaining, non_blocking); > > + else > > + ret = i2cp_receive_ctrlr_cmd_data( > > + pdata, start, remaining, non_blocking); > > + if (ret < 0) > > + break; > > + if (ret == 0 || ret > remaining) { > > + ret = -EINVAL; > > + break; > > + } > > + > > + remaining -= ret; > > + start += ret; > > + > > + if (ret > 0 && start[-1] == i2cp_ctrlr_end_char) { > > + ret = i2cp_receive_ctrlr_cmd_complete( > > + pdata, non_blocking); > > + if (ret < 0) > > + break; > > + } > > + } > > + > > + mutex_unlock(&pdata->cmd_lock); > > + wake_up_interruptible_sync(&pdata->poll_wait_queue); > > + > > + if (ret >= 0) > > + /* If successful the whole write is always consumed. */ > > + ret = count; > > + > > + free_kbuf: > > + kfree(kbuf); > > + return ret; > > +} > > + > > +/* > > + * The select/poll/epoll implementation in this module is designed around these > > + * controller behavior assumptions: > > + * > > + * - If any reader of a given controller makes use of polling, all will. > > + * > > + * - Upon notification of available data to read, a reader will fully consume it > > + * in a read() loop until receiving EAGAIN, EWOULDBLOCK, or EOF. > > + * > > + * - Only one reader need be woken upon newly available data, however it is okay > > + * if more than one are sometimes woken. > > + * > > + * - If more than one reader is woken, or otherwise acts in parallel, it is the > > + * responsibility of the readers to either ensure that only one at a time > > + * consumes all input until EAGAIN/EWOULDBLOCK, or that they properly > > + * recombine any data that was split among them. > > + * > > + * - All of the above applies to writers as well. > > + * > > + * Notes: > > + * > > + * - If a reader does not read all available data until EAGAIN/EWOULDBLOCK after > > + * being woken from poll, there may be no wake event for the remaining > > + * available data, causing it to remain unread until further data becomes > > + * available and triggers another wake event. The same applies to writers - > > + * they are only guaranteed to be woken /once/ per blocked->unblocked > > + * transition, so after being woken they should continue writing until either > > + * the controller is out of data or EAGAIN/EWOULDBLOCK is encountered. > > + * > > + * - It is strongly suggested that controller implementations have only one > > + * reader (thread) and one writer (thread), which may or may not be the same > > + * thread. After all only one message can be active on an I2C bus at a time, > > + * and this driver implementation reflects that. Avoiding multiple readers > > + * and multiple writers greatly simplifies controller implementation, and > > + * there is likely nothing to be gained from performing any of their work in > > + * parallel. > > + * > > + * - Implementation detail: Reads are effectively serialized by a per controller > > + * read lock. From the perspective of other readers, the controller device > > + * will appear blocked, with appropriate behavior based on the O_NONBLOCK bit. > > + * THIS IS SUBJECT TO CHANGE! > > + * > > + * - Implementation detail: Writes are effectively serialized by a per > > + * controller write lock. From the perspective of other writers, the > > + * controller device will appear blocked, with appropriate behavior based on > > + * the O_NONBLOCK bit. THIS IS SUBJECT TO CHANGE! > > + * > > + * - Implementation detail: In the initial implementation, the only scenario > > + * where a controller will appear blocked for writes is if another write is in > > + * progress. Thus, a single writer should never see the device blocked. THIS > > + * IS SUBJECT TO CHANGE! When using O_NONBLOCK, a controller should correctly > > + * handle EAGAIN/EWOULDBLOCK even if it has only one writer. > > + */ > > +static __poll_t i2cp_cdev_poll(struct file *filep, poll_table *ptp) > > +{ > > + __poll_t poll_ret = 0; > > + struct i2cp_controller *pdata; > > + > > + pdata = filep->private_data; > > + > > + poll_wait(filep, &pdata->poll_wait_queue, ptp); > > + > > + if (mutex_trylock(&pdata->rsp_lock)) { > > + if (i2cp_poll_in(pdata)) > > + poll_ret |= POLLIN | POLLRDNORM; > > + mutex_unlock(&pdata->rsp_lock); > > + } > > + > > + if (!mutex_is_locked(&pdata->cmd_lock)) > > + poll_ret |= POLLOUT | POLLWRNORM; > > + > > + if (i2cp_adap_get_state(pdata) == I2CP_CTRLR_STATE_SHUTDN_REQ) > > + poll_ret |= POLLHUP; > > + > > + return poll_ret; > > +} > > + > > +static const struct file_operations i2cp_fileops = { > > + .owner = THIS_MODULE, > > + .open = i2cp_cdev_open, > > + .release = i2cp_cdev_release, > > + .read = i2cp_cdev_read, > > + .write = i2cp_cdev_write, > > + .poll = i2cp_cdev_poll, > > + .llseek = no_llseek, > > +}; > > + > > +static ssize_t i2cp_limit_show(struct device *dev, > > + struct device_attribute *attr, char *buf) > > +{ > > + int ret; > > + > > + ret = snprintf(buf, PAGE_SIZE, "%u\n", i2cp_limit); > > + if (ret >= PAGE_SIZE) > > + return -ERANGE; > > + return ret; > > +} > > + > > +static struct device_attribute i2cp_limit_dev_attr = { > > + .attr = { > > + .name = "limit", > > + .mode = 0444, > > + }, > > + .show = i2cp_limit_show, > > +}; > > + > > +static ssize_t i2cp_count_show(struct device *dev, > > + struct device_attribute *attr, char *buf) > > +{ > > + int count, ret; > > + struct i2cp_device *this_pseudo; > > + > > + this_pseudo = container_of(dev, struct i2cp_device, device); > > + > > + mutex_lock(&this_pseudo->counters.lock); > > + count = this_pseudo->counters.count; > > + mutex_unlock(&this_pseudo->counters.lock); > > + > > + ret = snprintf(buf, PAGE_SIZE, "%u\n", count); > > + if (ret >= PAGE_SIZE) > > + return -ERANGE; > > + return ret; > > +} > > + > > +static struct device_attribute i2cp_count_dev_attr = { > > + .attr = { > > + .name = "count", > > + .mode = 0444, > > + }, > > + .show = i2cp_count_show, > > +}; > > + > > +static struct attribute *i2cp_device_sysfs_attrs[] = { > > + &i2cp_limit_dev_attr.attr, > > + &i2cp_count_dev_attr.attr, > > + NULL, > > +}; > > + > > +static const struct attribute_group i2cp_device_sysfs_group = { > > + .attrs = i2cp_device_sysfs_attrs, > > +}; > > + > > +static const struct attribute_group *i2cp_device_sysfs_groups[] = { > > + &i2cp_device_sysfs_group, > > + NULL, > > +}; > > + > > +static void i2c_p_device_release(struct device *dev) > > +{ > > + struct i2cp_device *this_pseudo; > > + > > + this_pseudo = container_of(dev, struct i2cp_device, device); > > + kfree(this_pseudo->counters.all_controllers); > > + kfree(this_pseudo); > > +} > > + > > +static inline void i2c_p_class_destroy(void) > > +{ > > + struct class *class; > > + > > + class = i2cp_class; > > + i2cp_class = NULL; > > + class_destroy(class); > > +} > > + > > +static int __init i2cp_init(void) > > +{ > > + int ret = -1; > > + > > + if (i2cp_limit < I2CP_ADAPTERS_MIN || i2cp_limit > I2CP_ADAPTERS_MAX) { > > + pr_err("%s: i2cp_limit=%u, must be in range [" > > + STR(I2CP_ADAPTERS_MIN) ", " STR(I2CP_ADAPTERS_MAX) > > + "]\n", __func__, i2cp_limit); > > + return -EINVAL; > > + } > > + > > + i2cp_class = class_create(THIS_MODULE, I2CP_CLASS_NAME); > > + if (IS_ERR(i2cp_class)) > > + return PTR_ERR(i2cp_class); > > + > > + i2cp_class->dev_groups = i2cp_device_sysfs_groups; > > + > > + ret = alloc_chrdev_region(&i2cp_dev_num, I2CP_CDEV_BASEMINOR, > > + I2CP_CDEV_COUNT, I2CP_CHRDEV_NAME); > > + if (ret < 0) > > + goto fail_after_class_create; > > + > > + i2cp_device = kzalloc(sizeof(*i2cp_device), GFP_KERNEL); > > + if (!i2cp_device) { > > + ret = -ENOMEM; > > + goto fail_after_chrdev_register; > > + } > > + > > + i2cp_device->device.devt = i2cp_dev_num; > > + i2cp_device->device.class = i2cp_class; > > + i2cp_device->device.release = i2c_p_device_release; > > + device_initialize(&i2cp_device->device); > > + > > + ret = dev_set_name(&i2cp_device->device, "%s", I2CP_DEVICE_NAME); > > + if (ret < 0) > > + goto fail_after_device_init; > > + > > + mutex_init(&i2cp_device->counters.lock); > > + i2cp_device->counters.all_controllers = kcalloc(i2cp_limit, > > + sizeof(*i2cp_device->counters.all_controllers), GFP_KERNEL); > > + if (!i2cp_device->counters.all_controllers) { > > + ret = -ENOMEM; > > + goto fail_after_device_init; > > + } > > + > > + cdev_init(&i2cp_device->cdev, &i2cp_fileops); > > + i2cp_device->cdev.owner = THIS_MODULE; > > + > > + ret = cdev_device_add(&i2cp_device->cdev, &i2cp_device->device); > > + if (ret < 0) > > + goto fail_after_device_init; > > + > > + return 0; > > + > > + fail_after_device_init: > > + put_device(&i2cp_device->device); > > + fail_after_chrdev_register: > > + unregister_chrdev_region(i2cp_dev_num, I2CP_CDEV_COUNT); > > + fail_after_class_create: > > + i2c_p_class_destroy(); > > + return ret; > > +} > > + > > +static void __exit i2cp_exit(void) > > +{ > > + cdev_device_del(&i2cp_device->cdev, &i2cp_device->device); > > + put_device(&i2cp_device->device); > > + unregister_chrdev_region(i2cp_dev_num, I2CP_CDEV_COUNT); > > + i2c_p_class_destroy(); > > +} > > + > > +MODULE_AUTHOR("Matthew Blecker <matthewb@xxxxxxxxxxxxxxxx"); > > +MODULE_DESCRIPTION("Driver for userspace I2C adapter implementations."); > > +MODULE_LICENSE("GPL"); > > + > > +module_init(i2cp_init); > > +module_exit(i2cp_exit);
