On 23-03-21, 14:31, Viresh Kumar wrote:
> On 23-03-21, 22:19, Jie Deng wrote:
> > +static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> > +{
> > + struct virtio_i2c *vi = i2c_get_adapdata(adap);
> > + struct virtqueue *vq = vi->vq;
> > + struct virtio_i2c_req *reqs;
> > + unsigned long time_left;
> > + int ret, nr;
> > +
> > + reqs = kcalloc(num, sizeof(*reqs), GFP_KERNEL);
> > + if (!reqs)
> > + return -ENOMEM;
> > +
> > + mutex_lock(&vi->lock);
> > +
> > + ret = virtio_i2c_send_reqs(vq, reqs, msgs, num);
> > + if (ret == 0)
> > + goto err_unlock_free;
> > +
> > + nr = ret;
> > + reinit_completion(&vi->completion);
>
> I think I may have found a possible bug here. This reinit_completion() must
> happen before we call virtio_i2c_send_reqs(). It is certainly possible (surely
> in corner cases) that virtio_i2c_msg_done() may get called right after
> virtio_i2c_send_reqs() and before we were able to call reinit_completion(). And
> in that case we will never see the completion happen at all.
>
> > + virtqueue_kick(vq);
I may have misread this. Can the actually start before virtqueue_kick() is
called ? If not, then completion may be fine where it is.
--
viresh
