1. msgbuf1 definition: unsigned char msgbuf1[I2C_SMBUS_BLOCK_MAX+2];
2. msgbuf1 initial initialization:
status = __i2c_transfer(adapter, msg, nmsgs);
3. msgbuf1 data return:
if (read_write == I2C_SMBUS_READ)
case I2C_SMBUS_BYTE_DATA:
data->byte = msgbuf1[0];
break;
case I2C_SMBUS_WORD_DATA:
case I2C_SMBUS_PROC_CALL:
data->word = msgbuf1[0] | (msgbuf1[1] << 8);
break;
Based on the original logic reference, the following situation is analyzed:
- Under normal circumstances:
The master device sends data reading action, obtains data through __i2c_transfer and hardware controller driver,
initializes msfbuf1 data in msg, and returns the obtained data.
- In this case, the I2C secondary device is a pluggable battery
When the I2C bus is transmitting normally, the slave device is abnormally disconnected (the battery is removed).
According to the I2C protocol, the entire process cannot receive an ACK, resulting in communication interruption.
If the I2C controller driver does not do exception handling, __i2c_transfer returns with msbuf1's uninitialized data (random data).
Therefore, when i2c_smbus_xfer_emulated uses the random data of msgbuf1, the back-end data is also abnormal.
Signed-off-by: guoqi0226 <guoqi0226@xxxxxxx>
---
drivers/i2c/i2c-core-smbus.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
index e3b96fc..f7b0980d 100644
--- a/drivers/i2c/i2c-core-smbus.c
+++ b/drivers/i2c/i2c-core-smbus.c
@@ -351,6 +351,8 @@ static s32 i2c_smbus_xfer_emulated(struct i2c_adapter *adapter, u16 addr,
bool wants_pec = ((flags & I2C_CLIENT_PEC) && size != I2C_SMBUS_QUICK
&& size != I2C_SMBUS_I2C_BLOCK_DATA);
+ memset(msgbuf0, 0, sizeof(msgbuf0));
+ memset(msgbuf1, 0, sizeof(msgbuf1));
msgbuf0[0] = command;
switch (size) {
case I2C_SMBUS_QUICK:
--
2.7.4
