Bug Summary

File:drivers/i2c/i2c-dev.c
Warning:line 409, column 7
Copies out a struct with a union element with different sizes

Annotated Source Code

1/*
2 i2c-dev.c - i2c-bus driver, char device interface
3
4 Copyright (C) 1995-97 Simon G. Vogl
5 Copyright (C) 1998-99 Frodo Looijaard <[email protected]>
6 Copyright (C) 2003 Greg Kroah-Hartman <[email protected]>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17*/
18
19/* Note that this is a complete rewrite of Simon Vogl's i2c-dev module.
20 But I have used so much of his original code and ideas that it seems
21 only fair to recognize him as co-author -- Frodo */
22
23/* The I2C_RDWR ioctl code is written by Kolja Waschk <[email protected]> */
24
25#include <linux1/cdev.h>
26#include <linux1/device.h>
27#include <linux1/fs.h>
28#include <linux1/i2c-dev.h>
29#include <linux1/i2c.h>
30#include <linux1/init.h>
31#include <linux1/jiffies.h>
32#include <linux1/kernel.h>
33#include <linux1/list.h>
34#include <linux1/module.h>
35#include <linux1/notifier.h>
36#include <linux1/slab.h>
37#include <linux1/uaccess.h>
38
39/*
40 * An i2c_dev represents an i2c_adapter ... an I2C or SMBus master, not a
41 * slave (i2c_client) with which messages will be exchanged. It's coupled
42 * with a character special file which is accessed by user mode drivers.
43 *
44 * The list of i2c_dev structures is parallel to the i2c_adapter lists
45 * maintained by the driver model, and is updated using bus notifications.
46 */
47struct i2c_dev {
48 struct list_head list;
49 struct i2c_adapter *adap;
50 struct device *dev;
51 struct cdev cdev;
52};
53
54#define I2C_MINORS((1U << 20) - 1) MINORMASK((1U << 20) - 1)
55static LIST_HEAD(i2c_dev_list)struct list_head i2c_dev_list = { &(i2c_dev_list), &(
i2c_dev_list) };
56static DEFINE_SPINLOCK(i2c_dev_list_lock)spinlock_t i2c_dev_list_lock = (spinlock_t ) { { .rlock = { .
raw_lock = { { (0) } }, .magic = 0xdead4ead, .owner_cpu = -1,
.owner = ((void *)-1L), .dep_map = { .name = "i2c_dev_list_lock"
} } } };
57
58static struct i2c_dev *i2c_dev_get_by_minor(unsigned index)
59{
60 struct i2c_dev *i2c_dev;
61
62 spin_lock(&i2c_dev_list_lock);
63 list_for_each_entry(i2c_dev, &i2c_dev_list, list)for (i2c_dev = ({ const typeof( ((typeof(*i2c_dev) *)0)->list
) *__mptr = ((&i2c_dev_list)->next); (typeof(*i2c_dev
) *)( (char *)__mptr - __builtin_offsetof(typeof(*i2c_dev), list
) );}); &i2c_dev->list != (&i2c_dev_list); i2c_dev
= ({ const typeof( ((typeof(*(i2c_dev)) *)0)->list ) *__mptr
= ((i2c_dev)->list.next); (typeof(*(i2c_dev)) *)( (char *
)__mptr - __builtin_offsetof(typeof(*(i2c_dev)), list) );})) {
64 if (i2c_dev->adap->nr == index)
65 goto found;
66 }
67 i2c_dev = NULL((void *)0);
68found:
69 spin_unlock(&i2c_dev_list_lock);
70 return i2c_dev;
71}
72
73static struct i2c_dev *get_free_i2c_dev(struct i2c_adapter *adap)
74{
75 struct i2c_dev *i2c_dev;
76
77 if (adap->nr >= I2C_MINORS((1U << 20) - 1)) {
78 printk(KERN_ERR"\001" "3" "i2c-dev: Out of device minors (%d)\n",
79 adap->nr);
80 return ERR_PTR(-ENODEV19);
81 }
82
83 i2c_dev = kzalloc(sizeof(*i2c_dev), GFP_KERNEL((( gfp_t)(0x400000u|0x2000000u)) | (( gfp_t)0x40u) | (( gfp_t
)0x80u)));
84 if (!i2c_dev)
85 return ERR_PTR(-ENOMEM12);
86 i2c_dev->adap = adap;
87
88 spin_lock(&i2c_dev_list_lock);
89 list_add_tail(&i2c_dev->list, &i2c_dev_list);
90 spin_unlock(&i2c_dev_list_lock);
91 return i2c_dev;
92}
93
94static void put_i2c_dev(struct i2c_dev *i2c_dev)
95{
96 spin_lock(&i2c_dev_list_lock);
97 list_del(&i2c_dev->list);
98 spin_unlock(&i2c_dev_list_lock);
99 kfree(i2c_dev);
100}
101
102static ssize_t name_show(struct device *dev,
103 struct device_attribute *attr, char *buf)
104{
105 struct i2c_dev *i2c_dev = i2c_dev_get_by_minor(MINOR(dev->devt)((unsigned int) ((dev->devt) & ((1U << 20) - 1))
));
106
107 if (!i2c_dev)
108 return -ENODEV19;
109 return sprintf(buf, "%s\n", i2c_dev->adap->name);
110}
111static DEVICE_ATTR_RO(name)struct device_attribute dev_attr_name = { .attr = { .name = "name"
, .mode = (00400|00040|00004) }, .show = name_show, };
112
113static struct attribute *i2c_attrs[] = {
114 &dev_attr_name.attr,
115 NULL((void *)0),
116};
117ATTRIBUTE_GROUPS(i2c)static const struct attribute_group i2c_group = { .attrs = i2c_attrs
, }; static const struct attribute_group *i2c_groups[] = { &
i2c_group, ((void *)0), };
118
119/* ------------------------------------------------------------------------- */
120
121/*
122 * After opening an instance of this character special file, a file
123 * descriptor starts out associated only with an i2c_adapter (and bus).
124 *
125 * Using the I2C_RDWR ioctl(), you can then *immediately* issue i2c_msg
126 * traffic to any devices on the bus used by that adapter. That's because
127 * the i2c_msg vectors embed all the addressing information they need, and
128 * are submitted directly to an i2c_adapter. However, SMBus-only adapters
129 * don't support that interface.
130 *
131 * To use read()/write() system calls on that file descriptor, or to use
132 * SMBus interfaces (and work with SMBus-only hosts!), you must first issue
133 * an I2C_SLAVE (or I2C_SLAVE_FORCE) ioctl. That configures an anonymous
134 * (never registered) i2c_client so it holds the addressing information
135 * needed by those system calls and by this SMBus interface.
136 */
137
138static ssize_t i2cdev_read(struct file *file, char __user *buf, size_t count,
139 loff_t *offset)
140{
141 char *tmp;
142 int ret;
143
144 struct i2c_client *client = file->private_data;
145
146 if (count > 8192)
147 count = 8192;
148
149 tmp = kmalloc(count, GFP_KERNEL((( gfp_t)(0x400000u|0x2000000u)) | (( gfp_t)0x40u) | (( gfp_t
)0x80u)));
150 if (tmp == NULL((void *)0))
151 return -ENOMEM12;
152
153 pr_debug("i2c-dev: i2c-%d reading %zu bytes.\n",do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("i2c-dev: i2c-%d reading %zu bytes.\n"), .lineno = 154
, .flags = (1<<0), }; if ((descriptor.flags & (1<<
0))) __dynamic_pr_debug(&descriptor, "i2c-dev: i2c-%d reading %zu bytes.\n"
, iminor(file_inode(file)), count); } while (0)
154 iminor(file_inode(file)), count)do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("i2c-dev: i2c-%d reading %zu bytes.\n"), .lineno = 154
, .flags = (1<<0), }; if ((descriptor.flags & (1<<
0))) __dynamic_pr_debug(&descriptor, "i2c-dev: i2c-%d reading %zu bytes.\n"
, iminor(file_inode(file)), count); } while (0);
155
156 ret = i2c_master_recv(client, tmp, count);
157 if (ret >= 0)
158 ret = copy_to_user(buf, tmp, count) ? -EFAULT14 : ret;
159 kfree(tmp);
160 return ret;
161}
162
163static ssize_t i2cdev_write(struct file *file, const char __user *buf,
164 size_t count, loff_t *offset)
165{
166 int ret;
167 char *tmp;
168 struct i2c_client *client = file->private_data;
169
170 if (count > 8192)
171 count = 8192;
172
173 tmp = memdup_user(buf, count);
174 if (IS_ERR(tmp))
175 return PTR_ERR(tmp);
176
177 pr_debug("i2c-dev: i2c-%d writing %zu bytes.\n",do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("i2c-dev: i2c-%d writing %zu bytes.\n"), .lineno = 178
, .flags = (1<<0), }; if ((descriptor.flags & (1<<
0))) __dynamic_pr_debug(&descriptor, "i2c-dev: i2c-%d writing %zu bytes.\n"
, iminor(file_inode(file)), count); } while (0)
178 iminor(file_inode(file)), count)do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("i2c-dev: i2c-%d writing %zu bytes.\n"), .lineno = 178
, .flags = (1<<0), }; if ((descriptor.flags & (1<<
0))) __dynamic_pr_debug(&descriptor, "i2c-dev: i2c-%d writing %zu bytes.\n"
, iminor(file_inode(file)), count); } while (0);
179
180 ret = i2c_master_send(client, tmp, count);
181 kfree(tmp);
182 return ret;
183}
184
185static int i2cdev_check(struct device *dev, void *addrp)
186{
187 struct i2c_client *client = i2c_verify_client(dev);
188
189 if (!client || client->addr != *(unsigned int *)addrp)
190 return 0;
191
192 return dev->driver ? -EBUSY16 : 0;
193}
194
195/* walk up mux tree */
196static int i2cdev_check_mux_parents(struct i2c_adapter *adapter, int addr)
197{
198 struct i2c_adapter *parent = i2c_parent_is_i2c_adapter(adapter);
199 int result;
200
201 result = device_for_each_child(&adapter->dev, &addr, i2cdev_check);
202 if (!result && parent)
203 result = i2cdev_check_mux_parents(parent, addr);
204
205 return result;
206}
207
208/* recurse down mux tree */
209static int i2cdev_check_mux_children(struct device *dev, void *addrp)
210{
211 int result;
212
213 if (dev->type == &i2c_adapter_type)
214 result = device_for_each_child(dev, addrp,
215 i2cdev_check_mux_children);
216 else
217 result = i2cdev_check(dev, addrp);
218
219 return result;
220}
221
222/* This address checking function differs from the one in i2c-core
223 in that it considers an address with a registered device, but no
224 driver bound to it, as NOT busy. */
225static int i2cdev_check_addr(struct i2c_adapter *adapter, unsigned int addr)
226{
227 struct i2c_adapter *parent = i2c_parent_is_i2c_adapter(adapter);
228 int result = 0;
229
230 if (parent)
231 result = i2cdev_check_mux_parents(parent, addr);
232
233 if (!result)
234 result = device_for_each_child(&adapter->dev, &addr,
235 i2cdev_check_mux_children);
236
237 return result;
238}
239
240static noinline__attribute__((noinline)) int i2cdev_ioctl_rdwr(struct i2c_client *client,
241 unsigned long arg)
242{
243 struct i2c_rdwr_ioctl_data rdwr_arg;
244 struct i2c_msg *rdwr_pa;
245 u8 __user **data_ptrs;
246 int i, res;
247
248 if (copy_from_user(&rdwr_arg,
249 (struct i2c_rdwr_ioctl_data __user *)arg,
250 sizeof(rdwr_arg)))
251 return -EFAULT14;
252
253 /* Put an arbitrary limit on the number of messages that can
254 * be sent at once */
255 if (rdwr_arg.nmsgs > I2C_RDWR_IOCTL_MAX_MSGS42)
256 return -EINVAL22;
257
258 rdwr_pa = memdup_user(rdwr_arg.msgs,
259 rdwr_arg.nmsgs * sizeof(struct i2c_msg));
260 if (IS_ERR(rdwr_pa))
261 return PTR_ERR(rdwr_pa);
262
263 data_ptrs = kmalloc(rdwr_arg.nmsgs * sizeof(u8 __user *), GFP_KERNEL((( gfp_t)(0x400000u|0x2000000u)) | (( gfp_t)0x40u) | (( gfp_t
)0x80u)));
264 if (data_ptrs == NULL((void *)0)) {
265 kfree(rdwr_pa);
266 return -ENOMEM12;
267 }
268
269 res = 0;
270 for (i = 0; i < rdwr_arg.nmsgs; i++) {
271 /* Limit the size of the message to a sane amount */
272 if (rdwr_pa[i].len > 8192) {
273 res = -EINVAL22;
274 break;
275 }
276
277 data_ptrs[i] = (u8 __user *)rdwr_pa[i].buf;
278 rdwr_pa[i].buf = memdup_user(data_ptrs[i], rdwr_pa[i].len);
279 if (IS_ERR(rdwr_pa[i].buf)) {
280 res = PTR_ERR(rdwr_pa[i].buf);
281 break;
282 }
283
284 /*
285 * If the message length is received from the slave (similar
286 * to SMBus block read), we must ensure that the buffer will
287 * be large enough to cope with a message length of
288 * I2C_SMBUS_BLOCK_MAX as this is the maximum underlying bus
289 * drivers allow. The first byte in the buffer must be
290 * pre-filled with the number of extra bytes, which must be
291 * at least one to hold the message length, but can be
292 * greater (for example to account for a checksum byte at
293 * the end of the message.)
294 */
295 if (rdwr_pa[i].flags & I2C_M_RECV_LEN0x0400) {
296 if (!(rdwr_pa[i].flags & I2C_M_RD0x0001) ||
297 rdwr_pa[i].buf[0] < 1 ||
298 rdwr_pa[i].len < rdwr_pa[i].buf[0] +
299 I2C_SMBUS_BLOCK_MAX32) {
300 res = -EINVAL22;
301 break;
302 }
303
304 rdwr_pa[i].len = rdwr_pa[i].buf[0];
305 }
306 }
307 if (res < 0) {
308 int j;
309 for (j = 0; j < i; ++j)
310 kfree(rdwr_pa[j].buf);
311 kfree(data_ptrs);
312 kfree(rdwr_pa);
313 return res;
314 }
315
316 res = i2c_transfer(client->adapter, rdwr_pa, rdwr_arg.nmsgs);
317 while (i-- > 0) {
318 if (res >= 0 && (rdwr_pa[i].flags & I2C_M_RD0x0001)) {
319 if (copy_to_user(data_ptrs[i], rdwr_pa[i].buf,
320 rdwr_pa[i].len))
321 res = -EFAULT14;
322 }
323 kfree(rdwr_pa[i].buf);
324 }
325 kfree(data_ptrs);
326 kfree(rdwr_pa);
327 return res;
328}
329
330static noinline__attribute__((noinline)) int i2cdev_ioctl_smbus(struct i2c_client *client,
331 unsigned long arg)
332{
333 struct i2c_smbus_ioctl_data data_arg;
334 union i2c_smbus_data temp;
335 int datasize, res;
336
337 if (copy_from_user(&data_arg,
1
Taking false branch
338 (struct i2c_smbus_ioctl_data __user *) arg,
339 sizeof(struct i2c_smbus_ioctl_data)))
340 return -EFAULT14;
341 if ((data_arg.size != I2C_SMBUS_BYTE1) &&
342 (data_arg.size != I2C_SMBUS_QUICK0) &&
343 (data_arg.size != I2C_SMBUS_BYTE_DATA2) &&
344 (data_arg.size != I2C_SMBUS_WORD_DATA3) &&
345 (data_arg.size != I2C_SMBUS_PROC_CALL4) &&
346 (data_arg.size != I2C_SMBUS_BLOCK_DATA5) &&
347 (data_arg.size != I2C_SMBUS_I2C_BLOCK_BROKEN6) &&
348 (data_arg.size != I2C_SMBUS_I2C_BLOCK_DATA8) &&
349 (data_arg.size != I2C_SMBUS_BLOCK_PROC_CALL7)) {
350 dev_dbg(&client->adapter->dev,do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("size out of range (%x) in ioctl I2C_SMBUS.\n"), .lineno
= 352, .flags = (1<<0), }; if ((descriptor.flags &
(1<<0))) __dynamic_dev_dbg(&descriptor, &client
->adapter->dev, "size out of range (%x) in ioctl I2C_SMBUS.\n"
, data_arg.size); } while (0); } while (0)
351 "size out of range (%x) in ioctl I2C_SMBUS.\n",do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("size out of range (%x) in ioctl I2C_SMBUS.\n"), .lineno
= 352, .flags = (1<<0), }; if ((descriptor.flags &
(1<<0))) __dynamic_dev_dbg(&descriptor, &client
->adapter->dev, "size out of range (%x) in ioctl I2C_SMBUS.\n"
, data_arg.size); } while (0); } while (0)
352 data_arg.size)do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("size out of range (%x) in ioctl I2C_SMBUS.\n"), .lineno
= 352, .flags = (1<<0), }; if ((descriptor.flags &
(1<<0))) __dynamic_dev_dbg(&descriptor, &client
->adapter->dev, "size out of range (%x) in ioctl I2C_SMBUS.\n"
, data_arg.size); } while (0); } while (0);
353 return -EINVAL22;
354 }
355 /* Note that I2C_SMBUS_READ and I2C_SMBUS_WRITE are 0 and 1,
356 so the check is valid if size==I2C_SMBUS_QUICK too. */
357 if ((data_arg.read_write != I2C_SMBUS_READ1) &&
358 (data_arg.read_write != I2C_SMBUS_WRITE0)) {
359 dev_dbg(&client->adapter->dev,do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("read_write out of range (%x) in ioctl I2C_SMBUS.\n"
), .lineno = 361, .flags = (1<<0), }; if ((descriptor.flags
& (1<<0))) __dynamic_dev_dbg(&descriptor, &
client->adapter->dev, "read_write out of range (%x) in ioctl I2C_SMBUS.\n"
, data_arg.read_write); } while (0); } while (0)
360 "read_write out of range (%x) in ioctl I2C_SMBUS.\n",do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("read_write out of range (%x) in ioctl I2C_SMBUS.\n"
), .lineno = 361, .flags = (1<<0), }; if ((descriptor.flags
& (1<<0))) __dynamic_dev_dbg(&descriptor, &
client->adapter->dev, "read_write out of range (%x) in ioctl I2C_SMBUS.\n"
, data_arg.read_write); } while (0); } while (0)
361 data_arg.read_write)do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("read_write out of range (%x) in ioctl I2C_SMBUS.\n"
), .lineno = 361, .flags = (1<<0), }; if ((descriptor.flags
& (1<<0))) __dynamic_dev_dbg(&descriptor, &
client->adapter->dev, "read_write out of range (%x) in ioctl I2C_SMBUS.\n"
, data_arg.read_write); } while (0); } while (0);
362 return -EINVAL22;
363 }
364
365 /* Note that command values are always valid! */
366
367 if ((data_arg.size == I2C_SMBUS_QUICK0) ||
368 ((data_arg.size == I2C_SMBUS_BYTE1) &&
369 (data_arg.read_write == I2C_SMBUS_WRITE0)))
370 /* These are special: we do not use data */
371 return i2c_smbus_xfer(client->adapter, client->addr,
372 client->flags, data_arg.read_write,
373 data_arg.command, data_arg.size, NULL((void *)0));
374
375 if (data_arg.data == NULL((void *)0)) {
2
Taking false branch
376 dev_dbg(&client->adapter->dev,do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("data is NULL pointer in ioctl I2C_SMBUS.\n"), .lineno
= 377, .flags = (1<<0), }; if ((descriptor.flags &
(1<<0))) __dynamic_dev_dbg(&descriptor, &client
->adapter->dev, "data is NULL pointer in ioctl I2C_SMBUS.\n"
); } while (0); } while (0)
377 "data is NULL pointer in ioctl I2C_SMBUS.\n")do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("data is NULL pointer in ioctl I2C_SMBUS.\n"), .lineno
= 377, .flags = (1<<0), }; if ((descriptor.flags &
(1<<0))) __dynamic_dev_dbg(&descriptor, &client
->adapter->dev, "data is NULL pointer in ioctl I2C_SMBUS.\n"
); } while (0); } while (0);
378 return -EINVAL22;
379 }
380
381 if ((data_arg.size == I2C_SMBUS_BYTE_DATA2) ||
3
Taking false branch
382 (data_arg.size == I2C_SMBUS_BYTE1))
383 datasize = sizeof(data_arg.data->byte);
384 else if ((data_arg.size == I2C_SMBUS_WORD_DATA3) ||
4
Taking false branch
385 (data_arg.size == I2C_SMBUS_PROC_CALL4))
386 datasize = sizeof(data_arg.data->word);
387 else /* size == smbus block, i2c block, or block proc. call */
388 datasize = sizeof(data_arg.data->block);
389
390 if ((data_arg.size == I2C_SMBUS_PROC_CALL4) ||
5
Taking false branch
391 (data_arg.size == I2C_SMBUS_BLOCK_PROC_CALL7) ||
392 (data_arg.size == I2C_SMBUS_I2C_BLOCK_DATA8) ||
393 (data_arg.read_write == I2C_SMBUS_WRITE0)) {
394 if (copy_from_user(&temp, data_arg.data, datasize))
395 return -EFAULT14;
396 }
397 if (data_arg.size == I2C_SMBUS_I2C_BLOCK_BROKEN6) {
6
Taking false branch
398 /* Convert old I2C block commands to the new
399 convention. This preserves binary compatibility. */
400 data_arg.size = I2C_SMBUS_I2C_BLOCK_DATA8;
401 if (data_arg.read_write == I2C_SMBUS_READ1)
402 temp.block[0] = I2C_SMBUS_BLOCK_MAX32;
403 }
404 res = i2c_smbus_xfer(client->adapter, client->addr, client->flags,
405 data_arg.read_write, data_arg.command, data_arg.size, &temp);
406 if (!res && ((data_arg.size == I2C_SMBUS_PROC_CALL4) ||
7
Assuming 'res' is 0
8
Taking true branch
407 (data_arg.size == I2C_SMBUS_BLOCK_PROC_CALL7) ||
408 (data_arg.read_write == I2C_SMBUS_READ1))) {
409 if (copy_to_user(data_arg.data, &temp, datasize))
9
Copies out a struct with a union element with different sizes
410 return -EFAULT14;
411 }
412 return res;
413}
414
415static long i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
416{
417 struct i2c_client *client = file->private_data;
418 unsigned long funcs;
419
420 dev_dbg(&client->adapter->dev, "ioctl, cmd=0x%02x, arg=0x%02lx\n",do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("ioctl, cmd=0x%02x, arg=0x%02lx\n"), .lineno = 421,
.flags = (1<<0), }; if ((descriptor.flags & (1<<
0))) __dynamic_dev_dbg(&descriptor, &client->adapter
->dev, "ioctl, cmd=0x%02x, arg=0x%02lx\n", cmd, arg); } while
(0); } while (0)
421 cmd, arg)do { do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("ioctl, cmd=0x%02x, arg=0x%02lx\n"), .lineno = 421,
.flags = (1<<0), }; if ((descriptor.flags & (1<<
0))) __dynamic_dev_dbg(&descriptor, &client->adapter
->dev, "ioctl, cmd=0x%02x, arg=0x%02lx\n", cmd, arg); } while
(0); } while (0);
422
423 switch (cmd) {
424 case I2C_SLAVE0x0703:
425 case I2C_SLAVE_FORCE0x0706:
426 if ((arg > 0x3ff) ||
427 (((client->flags & I2C_M_TEN0x0010) == 0) && arg > 0x7f))
428 return -EINVAL22;
429 if (cmd == I2C_SLAVE0x0703 && i2cdev_check_addr(client->adapter, arg))
430 return -EBUSY16;
431 /* REVISIT: address could become busy later */
432 client->addr = arg;
433 return 0;
434 case I2C_TENBIT0x0704:
435 if (arg)
436 client->flags |= I2C_M_TEN0x0010;
437 else
438 client->flags &= ~I2C_M_TEN0x0010;
439 return 0;
440 case I2C_PEC0x0708:
441 /*
442 * Setting the PEC flag here won't affect kernel drivers,
443 * which will be using the i2c_client node registered with
444 * the driver model core. Likewise, when that client has
445 * the PEC flag already set, the i2c-dev driver won't see
446 * (or use) this setting.
447 */
448 if (arg)
449 client->flags |= I2C_CLIENT_PEC0x04;
450 else
451 client->flags &= ~I2C_CLIENT_PEC0x04;
452 return 0;
453 case I2C_FUNCS0x0705:
454 funcs = i2c_get_functionality(client->adapter);
455 return put_user(funcs, (unsigned long __user *)arg)({ int __ret_pu; __typeof__(*((unsigned long *)arg)) __pu_val
; (void)0; __might_fault("drivers/i2c/i2c-dev.c", 455); __pu_val
= funcs; switch (sizeof(*((unsigned long *)arg))) { case 1: asm
volatile("call __put_user_" "1" : "=a" (__ret_pu) : "0" ((typeof
(*((unsigned long *)arg)))(__pu_val)), "c" ((unsigned long *)
arg) : "ebx"); break; case 2: asm volatile("call __put_user_"
"2" : "=a" (__ret_pu) : "0" ((typeof(*((unsigned long *)arg)
))(__pu_val)), "c" ((unsigned long *)arg) : "ebx"); break; case
4: asm volatile("call __put_user_" "4" : "=a" (__ret_pu) : "0"
((typeof(*((unsigned long *)arg)))(__pu_val)), "c" ((unsigned
long *)arg) : "ebx"); break; case 8: asm volatile("call __put_user_"
"8" : "=a" (__ret_pu) : "0" ((typeof(*((unsigned long *)arg)
))(__pu_val)), "c" ((unsigned long *)arg) : "ebx"); break; default
: asm volatile("call __put_user_" "X" : "=a" (__ret_pu) : "0"
((typeof(*((unsigned long *)arg)))(__pu_val)), "c" ((unsigned
long *)arg) : "ebx"); break; } __builtin_expect(__ret_pu, 0)
; });
456
457 case I2C_RDWR0x0707:
458 return i2cdev_ioctl_rdwr(client, arg);
459
460 case I2C_SMBUS0x0720:
461 return i2cdev_ioctl_smbus(client, arg);
462
463 case I2C_RETRIES0x0701:
464 client->adapter->retries = arg;
465 break;
466 case I2C_TIMEOUT0x0702:
467 /* For historical reasons, user-space sets the timeout
468 * value in units of 10 ms.
469 */
470 client->adapter->timeout = msecs_to_jiffies(arg * 10);
471 break;
472 default:
473 /* NOTE: returning a fault code here could cause trouble
474 * in buggy userspace code. Some old kernel bugs returned
475 * zero in this case, and userspace code might accidentally
476 * have depended on that bug.
477 */
478 return -ENOTTY25;
479 }
480 return 0;
481}
482
483static int i2cdev_open(struct inode *inode, struct file *file)
484{
485 unsigned int minor = iminor(inode);
486 struct i2c_client *client;
487 struct i2c_adapter *adap;
488
489 adap = i2c_get_adapter(minor);
490 if (!adap)
491 return -ENODEV19;
492
493 /* This creates an anonymous i2c_client, which may later be
494 * pointed to some address using I2C_SLAVE or I2C_SLAVE_FORCE.
495 *
496 * This client is ** NEVER REGISTERED ** with the driver model
497 * or I2C core code!! It just holds private copies of addressing
498 * information and maybe a PEC flag.
499 */
500 client = kzalloc(sizeof(*client), GFP_KERNEL((( gfp_t)(0x400000u|0x2000000u)) | (( gfp_t)0x40u) | (( gfp_t
)0x80u)));
501 if (!client) {
502 i2c_put_adapter(adap);
503 return -ENOMEM12;
504 }
505 snprintf(client->name, I2C_NAME_SIZE20, "i2c-dev %d", adap->nr);
506
507 client->adapter = adap;
508 file->private_data = client;
509
510 return 0;
511}
512
513static int i2cdev_release(struct inode *inode, struct file *file)
514{
515 struct i2c_client *client = file->private_data;
516
517 i2c_put_adapter(client->adapter);
518 kfree(client);
519 file->private_data = NULL((void *)0);
520
521 return 0;
522}
523
524static const struct file_operations i2cdev_fops = {
525 .owner = THIS_MODULE((struct module *)0),
526 .llseek = no_llseek,
527 .read = i2cdev_read,
528 .write = i2cdev_write,
529 .unlocked_ioctl = i2cdev_ioctl,
530 .open = i2cdev_open,
531 .release = i2cdev_release,
532};
533
534/* ------------------------------------------------------------------------- */
535
536static struct class *i2c_dev_class;
537
538static int i2cdev_attach_adapter(struct device *dev, void *dummy)
539{
540 struct i2c_adapter *adap;
541 struct i2c_dev *i2c_dev;
542 int res;
543
544 if (dev->type != &i2c_adapter_type)
545 return 0;
546 adap = to_i2c_adapter(dev)({ const typeof( ((struct i2c_adapter *)0)->dev ) *__mptr =
(dev); (struct i2c_adapter *)( (char *)__mptr - __builtin_offsetof
(struct i2c_adapter, dev) );});
547
548 i2c_dev = get_free_i2c_dev(adap);
549 if (IS_ERR(i2c_dev))
550 return PTR_ERR(i2c_dev);
551
552 cdev_init(&i2c_dev->cdev, &i2cdev_fops);
553 i2c_dev->cdev.owner = THIS_MODULE((struct module *)0);
554 res = cdev_add(&i2c_dev->cdev, MKDEV(I2C_MAJOR, adap->nr)(((89) << 20) | (adap->nr)), 1);
555 if (res)
556 goto error_cdev;
557
558 /* register this i2c device with the driver core */
559 i2c_dev->dev = device_create(i2c_dev_class, &adap->dev,
560 MKDEV(I2C_MAJOR, adap->nr)(((89) << 20) | (adap->nr)), NULL((void *)0),
561 "i2c-%d", adap->nr);
562 if (IS_ERR(i2c_dev->dev)) {
563 res = PTR_ERR(i2c_dev->dev);
564 goto error;
565 }
566
567 pr_debug("i2c-dev: adapter [%s] registered as minor %d\n",do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("i2c-dev: adapter [%s] registered as minor %d\n"), .
lineno = 568, .flags = (1<<0), }; if ((descriptor.flags
& (1<<0))) __dynamic_pr_debug(&descriptor, "i2c-dev: adapter [%s] registered as minor %d\n"
, adap->name, adap->nr); } while (0)
568 adap->name, adap->nr)do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("i2c-dev: adapter [%s] registered as minor %d\n"), .
lineno = 568, .flags = (1<<0), }; if ((descriptor.flags
& (1<<0))) __dynamic_pr_debug(&descriptor, "i2c-dev: adapter [%s] registered as minor %d\n"
, adap->name, adap->nr); } while (0);
569 return 0;
570error:
571 cdev_del(&i2c_dev->cdev);
572error_cdev:
573 put_i2c_dev(i2c_dev);
574 return res;
575}
576
577static int i2cdev_detach_adapter(struct device *dev, void *dummy)
578{
579 struct i2c_adapter *adap;
580 struct i2c_dev *i2c_dev;
581
582 if (dev->type != &i2c_adapter_type)
583 return 0;
584 adap = to_i2c_adapter(dev)({ const typeof( ((struct i2c_adapter *)0)->dev ) *__mptr =
(dev); (struct i2c_adapter *)( (char *)__mptr - __builtin_offsetof
(struct i2c_adapter, dev) );});
585
586 i2c_dev = i2c_dev_get_by_minor(adap->nr);
587 if (!i2c_dev) /* attach_adapter must have failed */
588 return 0;
589
590 cdev_del(&i2c_dev->cdev);
591 put_i2c_dev(i2c_dev);
592 device_destroy(i2c_dev_class, MKDEV(I2C_MAJOR, adap->nr)(((89) << 20) | (adap->nr)));
593
594 pr_debug("i2c-dev: adapter [%s] unregistered\n", adap->name)do { static struct _ddebug __attribute__((aligned(8))) __attribute__
((section("__verbose"))) descriptor = { .modname = "i2c_dev",
.function = __func__, .filename = "drivers/i2c/i2c-dev.c", .
format = ("i2c-dev: adapter [%s] unregistered\n"), .lineno = 594
, .flags = (1<<0), }; if ((descriptor.flags & (1<<
0))) __dynamic_pr_debug(&descriptor, "i2c-dev: adapter [%s] unregistered\n"
, adap->name); } while (0);
595 return 0;
596}
597
598static int i2cdev_notifier_call(struct notifier_block *nb, unsigned long action,
599 void *data)
600{
601 struct device *dev = data;
602
603 switch (action) {
604 case BUS_NOTIFY_ADD_DEVICE0x00000001:
605 return i2cdev_attach_adapter(dev, NULL((void *)0));
606 case BUS_NOTIFY_DEL_DEVICE0x00000002:
607 return i2cdev_detach_adapter(dev, NULL((void *)0));
608 }
609
610 return 0;
611}
612
613static struct notifier_block i2cdev_notifier = {
614 .notifier_call = i2cdev_notifier_call,
615};
616
617/* ------------------------------------------------------------------------- */
618
619/*
620 * module load/unload record keeping
621 */
622
623static int __init__attribute__ ((__section__(".init.text"))) __attribute__((no_instrument_function
)) i2c_dev_init(void)
624{
625 int res;
626
627 printk(KERN_INFO"\001" "6" "i2c /dev entries driver\n");
628
629 res = register_chrdev_region(MKDEV(I2C_MAJOR, 0)(((89) << 20) | (0)), I2C_MINORS((1U << 20) - 1), "i2c");
630 if (res)
631 goto out;
632
633 i2c_dev_class = class_create(THIS_MODULE, "i2c-dev")({ static struct lock_class_key __key; __class_create(((struct
module *)0), "i2c-dev", &__key); });
634 if (IS_ERR(i2c_dev_class)) {
635 res = PTR_ERR(i2c_dev_class);
636 goto out_unreg_chrdev;
637 }
638 i2c_dev_class->dev_groups = i2c_groups;
639
640 /* Keep track of adapters which will be added or removed later */
641 res = bus_register_notifier(&i2c_bus_type, &i2cdev_notifier);
642 if (res)
643 goto out_unreg_class;
644
645 /* Bind to already existing adapters right away */
646 i2c_for_each_dev(NULL((void *)0), i2cdev_attach_adapter);
647
648 return 0;
649
650out_unreg_class:
651 class_destroy(i2c_dev_class);
652out_unreg_chrdev:
653 unregister_chrdev_region(MKDEV(I2C_MAJOR, 0)(((89) << 20) | (0)), I2C_MINORS((1U << 20) - 1));
654out:
655 printk(KERN_ERR"\001" "3" "%s: Driver Initialisation failed\n", __FILE__"drivers/i2c/i2c-dev.c");
656 return res;
657}
658
659static void __exit__attribute__ ((__section__(".exit.text"))) __attribute__((__used__
)) __attribute__((no_instrument_function)) i2c_dev_exit(void)
660{
661 bus_unregister_notifier(&i2c_bus_type, &i2cdev_notifier);
662 i2c_for_each_dev(NULL((void *)0), i2cdev_detach_adapter);
663 class_destroy(i2c_dev_class);
664 unregister_chrdev_region(MKDEV(I2C_MAJOR, 0)(((89) << 20) | (0)), I2C_MINORS((1U << 20) - 1));
665}
666
667MODULE_AUTHOR("Frodo Looijaard <[email protected]> and "struct __UNIQUE_ID_author15 {}
668 "Simon G. Vogl <[email protected]>")struct __UNIQUE_ID_author15 {};
669MODULE_DESCRIPTION("I2C /dev entries driver")struct __UNIQUE_ID_description16 {};
670MODULE_LICENSE("GPL")struct __UNIQUE_ID_license17 {};
671
672module_init(i2c_dev_init)static initcall_t __initcall_i2c_dev_init6 __attribute__((__used__
)) __attribute__((__section__(".initcall" "6" ".init"))) = i2c_dev_init
;;;
673module_exit(i2c_dev_exit)static exitcall_t __exitcall_i2c_dev_exit __attribute__((__used__
)) __attribute__ ((__section__(".exitcall.exit"))) = i2c_dev_exit
;;