On Wed, Jan 27, 2021 at 01:59:07PM -0800, Hao Wu wrote: > On Wed, Jan 27, 2021 at 1:42 PM Corey Minyard <miny...@acm.org> wrote: > > > On Wed, Jan 27, 2021 at 12:37:46PM -0800, wuhaotsh--- via wrote: > > > On Tue, Jan 26, 2021 at 3:47 PM Corey Minyard <miny...@acm.org> wrote: > > > > > > > On Tue, Jan 26, 2021 at 11:32:37AM -0800, wuhaotsh--- via wrote: > > > > > + > > > > > +static void npcm7xx_smbus_read_byte_fifo(NPCM7xxSMBusState *s) > > > > > +{ > > > > > + uint8_t received_bytes = > > NPCM7XX_SMBRXF_STS_RX_BYTES(s->rxf_sts); > > > > > + > > > > > + if (received_bytes == 0) { > > > > > + npcm7xx_smbus_recv_fifo(s); > > > > > + return; > > > > > + } > > > > > + > > > > > + s->sda = s->rx_fifo[s->rx_cur]; > > > > > + s->rx_cur = (s->rx_cur + 1u) % NPCM7XX_SMBUS_FIFO_SIZE; > > > > > + --s->rxf_sts; > > > > > > > > This open-coded decrement seems a little risky. Are you sure in every > > > > case that s->rxf_sts > 0? There's no way what's running in the VM can > > > > game this and cause a buffer overrun? One caller to this function > > seems > > > > to protect against this, and another does not. > > > > > > > s->rxf_sts is uint8_t so it's guaranteed to be >=0. > > > In the case s->rxf_sts == 0, NPCM7XX_SMBRXF_STS_RX_BYTES(s->rxf_sts) is > > > also 0, so it'll take the if-branch and return without running > > --s->rxf_sts. > > > > That is true if called from the > > NPCM7XX_SMBUS_STATUS_STOPPING_LAST_RECEIVE case. There is no such check > > in the NPCM7XX_SMBUS_STATUS_RECEIVING case. > > > I don't understand the reasoning here. The caller doesn't matter. > Previous code has: > #define NPCM7XX_SMBRXF_STS_RX_BYTES(rv) extract8((rv), 0, 5) > So > uint8_t received_bytes = NPCM7XX_SMBRXF_STS_RX_BYTES(s->rxf_sts); > is guaranteed to be 0 if s->rxf_sts == 0. > As a result the code will take the following branch and returns: > if (received_bytes == 0) { > npcm7xx_smbus_recv_fifo(s); > return; > } > And will not execute the --s->rxf_sts sentence. 
> Please let me know if I missed anything here.
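Review bot: in npcm7xx_smbus_read_byte_fifo(), the closing `--s->rxf_sts;` decrements the whole register, while the guard above it tests only the value returned by NPCM7XX_SMBRXF_STS_RX_BYTES(), so the no-underflow invariant is not visible at the decrement itself. A one-line comment there, stating that the early return on `received_bytes == 0` covers every caller, would document it; a g_assert is a poor fit if guest-controlled state can reach it. Separately, `s->rx_fifo[s->rx_cur]` is read before `rx_cur` is reduced modulo NPCM7XX_SMBUS_FIFO_SIZE, so the index is only as safe as whatever else writes `rx_cur`, which is worth confirming.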
Ah, sorry, I missed that. Yes, this is ok. So...

Reviewed-by: Corey Minyard <cminy...@mvista.com>

> > >
> > > I'll probably add "g_assert(s->rxf_sts > 0)" to clarify.
> >
> > You never want to do an assert if the hosted system can do something to
> > cause it. If you add the check to the NPCM7XX_SMBUS_STATUS_RECEIVING
> > case, it would be ok, but really unnecessary.
> >
> > If it's fine if s->rxf_sts wraps to 0xff, then this all doesn't matter,
> > but you want to add a comment to that effect if so. These sorts of
> > things look dangerous.
> >
> > There is also the question about who takes these patches in. I'm the
> > I2C maintainer, but there's other code in this series. Once everything
> > is ready, I can ack them if we take it through the ARM tree. Or I can
> > take it through my tree with the proper acks.
> >
> I think either way is fine. Previous NPCM7XX patch series were taken in
> the ARM tree. But as i2c code taking into your tree is also fine.
>
> >
> > -corey
> >
> > >
> > > >
> > > > Other than this, I didn't see any issues with this patch.
> > > >
> > > > -corey
> > >
> > >
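A stand-alone C model of the guard discussed in this thread, added here as an example and not code from the patch or from QEMU. It shows that the guarded decrement stops at zero without disturbing the upper bits, and that an unguarded decrement of an empty register wraps to 0xff. `extract8_model`, `Model`, the helper names and the FIFO size of 16 are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

#define FIFO_SIZE 16u /* assumed; the thread does not give NPCM7XX_SMBUS_FIFO_SIZE */

/* Stand-in for QEMU's extract8(): 'len' bits of 'v' starting at bit 'start'. */
static uint8_t extract8_model(uint8_t v, int start, int len)
{
    return (uint8_t)((v >> start) & (0xffu >> (8 - len)));
}
#define RX_BYTES(rv) extract8_model((rv), 0, 5) /* field from the thread's macro */

typedef struct {            /* hypothetical subset of the device state */
    uint8_t rxf_sts;        /* bits 0..4 hold the byte count */
    uint8_t rx_cur;
    uint8_t sda;
    uint8_t rx_fifo[FIFO_SIZE];
} Model;

/* Same shape as the hunk: the guard runs before the decrement. */
static void read_byte_guarded(Model *s)
{
    if (RX_BYTES(s->rxf_sts) == 0) {
        return;             /* the patch calls npcm7xx_smbus_recv_fifo() here */
    }
    s->sda = s->rx_fifo[s->rx_cur];
    s->rx_cur = (s->rx_cur + 1u) % FIFO_SIZE;
    --s->rxf_sts;           /* count field is nonzero: no borrow into bits 5..7 */
}

/* Read 'reads' times from a FIFO of 'count' bytes; 'upper' models bits 5..7. */
static uint8_t drain_guarded(uint8_t upper, uint8_t count, unsigned reads)
{
    Model s = { .rxf_sts = (uint8_t)(upper | count) };
    while (reads--) read_byte_guarded(&s);
    return s.rxf_sts;
}

/* What the guard prevents: decrementing an empty register wraps to 0xff. */
static uint8_t decrement_unguarded(uint8_t rxf_sts)
{
    return --rxf_sts;
}

int main(void)
{
    printf("guarded 0x%02x, unguarded 0x%02x\n", drain_guarded(0xe0, 3, 8), decrement_unguarded(0));
    return 0;
}
```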