Linux设备驱动剖析之IIC(三)
下面以eeprom用户程序调用ioctl函数的写操作为例追踪IIC子系统的调用过程。eeprom的用户测试是大部分开发板都自带的。看写一个字节数据的eeprom_write_byte函数的定义:
int eeprom_write_byte(struct eeprom *e, __u16 mem_addr, __u8 data) { if(e->type == EEPROM_TYPE_8BIT_ADDR) { __u8 buf[2] = { mem_addr & 0x00ff, data }; return i2c_write_2b(e, buf); } else if(e->type == EEPROM_TYPE_16BIT_ADDR) { __u8 buf[3] = { (mem_addr >> 8) & 0x00ff, mem_addr & 0x00ff, data }; return i2c_write_3b(e, buf); } fprintf(stderr, "ERR: unknown eeprom type\n"); return -1; }
这里使用的是8位地址,因此调用的是i2c_write_2b函数,为什么是2b?这是eeprom规定的,写数据之前要先写地址。注意buf[0]=要写的地址,buf[1]=要写的字节数据。下面是i2c_write_2b函数的定义:
static int i2c_write_2b(struct eeprom *e, __u8 buf[2]) { int r; // we must simulate a plain I2C byte write with SMBus functions r = i2c_smbus_write_byte_data(e->fd, buf[0], buf[1]); if(r < 0) fprintf(stderr, "Error i2c_write_2b: %s\n", strerror(errno)); usleep(10); return r; }
就调用了i2c_smbus_write_byte_data函数,注意参数的含义,下面是它的定义:
static inline __s32 i2c_smbus_write_byte_data(int file, __u8 command, __u8 value) { union i2c_smbus_data data; data.byte = value; return i2c_smbus_access(file,I2C_SMBUS_WRITE,command, I2C_SMBUS_BYTE_DATA, &data); }
调用了i2c_smbus_access函数,继续追踪,看i2c_smbus_access函数的定义:
static inline __s32 i2c_smbus_access(int file, char read_write, __u8 command, int size, union i2c_smbus_data *data) { struct i2c_smbus_ioctl_data args; args.read_write = read_write; args.command = command; args.size = size; args.data = data; return ioctl(file,I2C_SMBUS,&args); }
首先弄清楚参数的含义,file是使用open打开的文件。read_write表示是读操作还是写操作,这里是写,所以它的值为I2C_SMBUS_WRITE。command是要写的地址。size的值为I2C_SMBUS_BYTE_DATA。最后一个参数data.byte=要写的字节数据。
下面开始进入ioctl系统调用,最后会到达i2c-dev.c中的i2cdev_ioctl函数,看它的定义:
00000396 static long i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 00000397 { 00000398 struct i2c_client *client = file->private_data; 00000399 unsigned long funcs; 00000400 00000401 dev_dbg(&client->adapter->dev, "ioctl, cmd=0x%02x, arg=0x%02lx\n", 00000402 cmd, arg); 00000403 00000404 switch (cmd) { 00000405 case I2C_SLAVE: 00000406 case I2C_SLAVE_FORCE: 00000407 /* NOTE: devices set up to work with "new style" drivers 00000408 * can't use I2C_SLAVE, even when the device node is not 00000409 * bound to a driver. Only I2C_SLAVE_FORCE will work. 00000410 * 00000411 * Setting the PEC flag here won't affect kernel drivers, 00000412 * which will be using the i2c_client node registered with 00000413 * the driver model core. Likewise, when that client has 00000414 * the PEC flag already set, the i2c-dev driver won't see 00000415 * (or use) this setting. 00000416 */ 00000417 if ((arg > 0x3ff) || 00000418 (((client->flags & I2C_M_TEN) == 0) && arg > 0x7f)) 00000419 return -EINVAL; 00000420 if (cmd == I2C_SLAVE && i2cdev_check_addr(client->adapter, arg)) 00000421 return -EBUSY; 00000422 /* REVISIT: address could become busy later */ 00000423 client->addr = arg; 00000424 return 0; 00000425 case I2C_TENBIT: 00000426 if (arg) 00000427 client->flags |= I2C_M_TEN; 00000428 else 00000429 client->flags &= ~I2C_M_TEN; 00000430 return 0; 00000431 case I2C_PEC: 00000432 if (arg) 00000433 client->flags |= I2C_CLIENT_PEC; 00000434 else 00000435 client->flags &= ~I2C_CLIENT_PEC; 00000436 return 0; 00000437 case I2C_FUNCS: 00000438 funcs = i2c_get_functionality(client->adapter); 00000439 return put_user(funcs, (unsigned long __user *)arg); 00000440 00000441 case I2C_RDWR: 00000442 return i2cdev_ioctl_rdrw(client, arg); 00000443 00000444 case I2C_SMBUS: 00000445 return i2cdev_ioctl_smbus(client, arg); 00000446 00000447 case I2C_RETRIES: 00000448 client->adapter->retries = arg; 00000449 break; 00000450 case I2C_TIMEOUT: 00000451 /* For historical reasons, user-space sets the timeout 00000452 * value in units of 10 ms. 00000453 */ 00000454 client->adapter->timeout = msecs_to_jiffies(arg * 10); 00000455 break; 00000456 default: 00000457 /* NOTE: returning a fault code here could cause trouble 00000458 * in buggy userspace code. Some old kernel bugs returned 00000459 * zero in this case, and userspace code might accidentally 00000460 * have depended on that bug. 00000461 */ 00000462 return -ENOTTY; 00000463 } 00000464 return 0; 00000465 }
比较简单,根据不同的cmd执行不同的分支。由于ioctl传下来的cmd是I2C_SMBUS,因此直接看444、445行,调用i2cdev_ioctl_smbus函数:
00000311 static noinline int i2cdev_ioctl_smbus(struct i2c_client *client, 00000312 unsigned long arg) 00000313 { 00000314 struct i2c_smbus_ioctl_data data_arg; 00000315 union i2c_smbus_data temp; 00000316 int datasize, res; 00000317 00000318 if (copy_from_user(&data_arg, 00000319 (struct i2c_smbus_ioctl_data __user *) arg, 00000320 sizeof(struct i2c_smbus_ioctl_data))) 00000321 return -EFAULT; 00000322 if ((data_arg.size != I2C_SMBUS_BYTE) && 00000323 (data_arg.size != I2C_SMBUS_QUICK) && 00000324 (data_arg.size != I2C_SMBUS_BYTE_DATA) && 00000325 (data_arg.size != I2C_SMBUS_WORD_DATA) && 00000326 (data_arg.size != I2C_SMBUS_PROC_CALL) && 00000327 (data_arg.size != I2C_SMBUS_BLOCK_DATA) && 00000328 (data_arg.size != I2C_SMBUS_I2C_BLOCK_BROKEN) && 00000329 (data_arg.size != I2C_SMBUS_I2C_BLOCK_DATA) && 00000330 (data_arg.size != I2C_SMBUS_BLOCK_PROC_CALL)) { 00000331 dev_dbg(&client->adapter->dev, 00000332 "size out of range (%x) in ioctl I2C_SMBUS.\n", 00000333 data_arg.size); 00000334 return -EINVAL; 00000335 } 00000336 /* Note that I2C_SMBUS_READ and I2C_SMBUS_WRITE are 0 and 1, 00000337 so the check is valid if size==I2C_SMBUS_QUICK too. */ 00000338 if ((data_arg.read_write != I2C_SMBUS_READ) && 00000339 (data_arg.read_write != I2C_SMBUS_WRITE)) { 00000340 dev_dbg(&client->adapter->dev, 00000341 "read_write out of range (%x) in ioctl I2C_SMBUS.\n", 00000342 data_arg.read_write); 00000343 return -EINVAL; 00000344 } 00000345 00000346 /* Note that command values are always valid! */ 00000347 00000348 if ((data_arg.size == I2C_SMBUS_QUICK) || 00000349 ((data_arg.size == I2C_SMBUS_BYTE) && 00000350 (data_arg.read_write == I2C_SMBUS_WRITE))) 00000351 /* These are special: we do not use data */ 00000352 return i2c_smbus_xfer(client->adapter, client->addr, 00000353 client->flags, data_arg.read_write, 00000354 data_arg.command, data_arg.size, NULL); 00000355 00000356 if (data_arg.data == NULL) { 00000357 dev_dbg(&client->adapter->dev, 00000358 "data is NULL pointer in ioctl I2C_SMBUS.\n"); 00000359 return -EINVAL; 00000360 } 00000361 00000362 if ((data_arg.size == I2C_SMBUS_BYTE_DATA) || 00000363 (data_arg.size == I2C_SMBUS_BYTE)) 00000364 datasize = sizeof(data_arg.data->byte); 00000365 else if ((data_arg.size == I2C_SMBUS_WORD_DATA) || 00000366 (data_arg.size == I2C_SMBUS_PROC_CALL)) 00000367 datasize = sizeof(data_arg.data->word); 00000368 else /* size == smbus block, i2c block, or block proc. call */ 00000369 datasize = sizeof(data_arg.data->block); 00000370 00000371 if ((data_arg.size == I2C_SMBUS_PROC_CALL) || 00000372 (data_arg.size == I2C_SMBUS_BLOCK_PROC_CALL) || 00000373 (data_arg.size == I2C_SMBUS_I2C_BLOCK_DATA) || 00000374 (data_arg.read_write == I2C_SMBUS_WRITE)) { 00000375 if (copy_from_user(&temp, data_arg.data, datasize)) 00000376 return -EFAULT; 00000377 } 00000378 if (data_arg.size == I2C_SMBUS_I2C_BLOCK_BROKEN) { 00000379 /* Convert old I2C block commands to the new 00000380 convention. This preserves binary compatibility. */ 00000381 data_arg.size = I2C_SMBUS_I2C_BLOCK_DATA; 00000382 if (data_arg.read_write == I2C_SMBUS_READ) 00000383 temp.block[0] = I2C_SMBUS_BLOCK_MAX; 00000384 } 00000385 res = i2c_smbus_xfer(client->adapter, client->addr, client->flags, 00000386 data_arg.read_write, data_arg.command, data_arg.size, &temp); 00000387 if (!res && ((data_arg.size == I2C_SMBUS_PROC_CALL) || 00000388 (data_arg.size == I2C_SMBUS_BLOCK_PROC_CALL) || 00000389 (data_arg.read_write == I2C_SMBUS_READ))) { 00000390 if (copy_to_user(data_arg.data, &temp, datasize)) 00000391 return -EFAULT; 00000392 } 00000393 return res; 00000394 }
一大堆的if判断。318行,调用copy_from_user函数将用户空间的数据拷贝到内核空间。这样data_arg的内容就与ioctl第三个参数的内容是一样的了。
322至335行,都是判断,一路走来,我们知道data_arg.size的值为I2C_SMBUS_BYTE_DATA,所以这里的if条件不会成立。
338至344行,如果既不是读操作又不是写操作,那肯定不行,返回出错。
348行,由于不满足第一个条件,所以不会执行if里的语句。
356至360行,我们的data_arg.data是不为NULL的,可以继续往下执行。
362行,data_arg.size == I2C_SMBUS_BYTE_DATA这个条件满足,所以执行364行的语句,因此datasize的值为1。
371行,由于满足data_arg.read_write == I2C_SMBUS_WRITE这个条件,所以执行375行语句,将data_arg.data的第一个字节拷贝到temp变量中。
378行,条件不满足,略过。
先看387行,条件不满足,因此就剩下385行的i2c_smbus_xfer函数,下面看它在drivers/i2c/i2c-core.c中的定义:
00002066 s32 i2c_smbus_xfer(struct i2c_adapter *adapter, u16 addr, unsigned short flags, 00002067 char read_write, u8 command, int protocol, 00002068 union i2c_smbus_data *data) 00002069 { 00002070 unsigned long orig_jiffies; 00002071 int try; 00002072 s32 res; 00002073 00002074 flags &= I2C_M_TEN | I2C_CLIENT_PEC; 00002075 00002076 if (adapter->algo->smbus_xfer) { 00002077 i2c_lock_adapter(adapter); 00002078 00002079 /* Retry automatically on arbitration loss */ 00002080 orig_jiffies = jiffies; 00002081 for (res = 0, try = 0; try <= adapter->retries; try++) { 00002082 res = adapter->algo->smbus_xfer(adapter, addr, flags, 00002083 read_write, command, 00002084 protocol, data); 00002085 if (res != -EAGAIN) 00002086 break; 00002087 if (time_after(jiffies, 00002088 orig_jiffies + adapter->timeout)) 00002089 break; 00002090 } 00002091 i2c_unlock_adapter(adapter); 00002092 } else 00002093 res = i2c_smbus_xfer_emulated(adapter, addr, flags, read_write, 00002094 command, protocol, data); 00002095 00002096 return res; 00002097 }
2076行,对于s3c6410的IIC控制器驱动来说,没有定义smbus_xfer函数,因此执行2093行的i2c_smbus_xfer_emulated函数,它的定义如下:
00001889 static s32 i2c_smbus_xfer_emulated(struct i2c_adapter *adapter, u16 addr, 00001890 unsigned short flags, 00001891 char read_write, u8 command, int size, 00001892 union i2c_smbus_data *data) 00001893 { 00001894 /* So we need to generate a series of msgs. In the case of writing, we 00001895 need to use only one message; when reading, we need two. We initialize 00001896 most things with sane defaults, to keep the code below somewhat 00001897 simpler. */ 00001898 unsigned char msgbuf0[I2C_SMBUS_BLOCK_MAX+3]; 00001899 unsigned char msgbuf1[I2C_SMBUS_BLOCK_MAX+2]; 00001900 int num = read_write == I2C_SMBUS_READ ? 2 : 1; 00001901 struct i2c_msg msg[2] = { { addr, flags, 1, msgbuf0 }, 00001902 { addr, flags | I2C_M_RD, 0, msgbuf1 } 00001903 }; 00001904 int i; 00001905 u8 partial_pec = 0; 00001906 int status; 00001907 00001908 msgbuf0[0] = command; 00001909 switch (size) { 00001910 case I2C_SMBUS_QUICK: 00001911 msg[0].len = 0; 00001912 /* Special case: The read/write field is used as data */ 00001913 msg[0].flags = flags | (read_write == I2C_SMBUS_READ ? 00001914 I2C_M_RD : 0); 00001915 num = 1; 00001916 break; 00001917 case I2C_SMBUS_BYTE: 00001918 if (read_write == I2C_SMBUS_READ) { 00001919 /* Special case: only a read! */ 00001920 msg[0].flags = I2C_M_RD | flags; 00001921 num = 1; 00001922 } 00001923 break; 00001924 case I2C_SMBUS_BYTE_DATA: 00001925 if (read_write == I2C_SMBUS_READ) 00001926 msg[1].len = 1; 00001927 else { 00001928 msg[0].len = 2; 00001929 msgbuf0[1] = data->byte; 00001930 } 00001931 break; 00001932 case I2C_SMBUS_WORD_DATA: 00001933 if (read_write == I2C_SMBUS_READ) 00001934 msg[1].len = 2; 00001935 else { 00001936 msg[0].len = 3; 00001937 msgbuf0[1] = data->word & 0xff; 00001938 msgbuf0[2] = data->word >> 8; 00001939 } 00001940 break; 00001941 case I2C_SMBUS_PROC_CALL: 00001942 num = 2; /* Special case */ 00001943 read_write = I2C_SMBUS_READ; 00001944 msg[0].len = 3; 00001945 msg[1].len = 2; 00001946 msgbuf0[1] = data->word & 0xff; 00001947 msgbuf0[2] = data->word >> 8; 00001948 break; 00001949 case I2C_SMBUS_BLOCK_DATA: 00001950 if (read_write == I2C_SMBUS_READ) { 00001951 msg[1].flags |= I2C_M_RECV_LEN; 00001952 msg[1].len = 1; /* block length will be added by 00001953 the underlying bus driver */ 00001954 } else { 00001955 msg[0].len = data->block[0] + 2; 00001956 if (msg[0].len > I2C_SMBUS_BLOCK_MAX + 2) { 00001957 dev_err(&adapter->dev, 00001958 "Invalid block write size %d\n", 00001959 data->block[0]); 00001960 return -EINVAL; 00001961 } 00001962 for (i = 1; i < msg[0].len; i++) 00001963 msgbuf0[i] = data->block[i-1]; 00001964 } 00001965 break; 00001966 case I2C_SMBUS_BLOCK_PROC_CALL: 00001967 num = 2; /* Another special case */ 00001968 read_write = I2C_SMBUS_READ; 00001969 if (data->block[0] > I2C_SMBUS_BLOCK_MAX) { 00001970 dev_err(&adapter->dev, 00001971 "Invalid block write size %d\n", 00001972 data->block[0]); 00001973 return -EINVAL; 00001974 } 00001975 msg[0].len = data->block[0] + 2; 00001976 for (i = 1; i < msg[0].len; i++) 00001977 msgbuf0[i] = data->block[i-1]; 00001978 msg[1].flags |= I2C_M_RECV_LEN; 00001979 msg[1].len = 1; /* block length will be added by 00001980 the underlying bus driver */ 00001981 break; 00001982 case I2C_SMBUS_I2C_BLOCK_DATA: 00001983 if (read_write == I2C_SMBUS_READ) { 00001984 msg[1].len = data->block[0]; 00001985 } else { 00001986 msg[0].len = data->block[0] + 1; 00001987 if (msg[0].len > I2C_SMBUS_BLOCK_MAX + 1) { 00001988 dev_err(&adapter->dev, 00001989 "Invalid block write size %d\n", 00001990 data->block[0]); 00001991 return -EINVAL; 00001992 } 00001993 for (i = 1; i <= data->block[0]; i++) 00001994 msgbuf0[i] = data->block[i]; 00001995 } 00001996 break; 00001997 default: 00001998 dev_err(&adapter->dev, "Unsupported transaction %d\n", size); 00001999 return -EOPNOTSUPP; 00002000 } 00002001 00002002 i = ((flags & I2C_CLIENT_PEC) && size != I2C_SMBUS_QUICK 00002003 && size != I2C_SMBUS_I2C_BLOCK_DATA); 00002004 if (i) { 00002005 /* Compute PEC if first message is a write */ 00002006 if (!(msg[0].flags & I2C_M_RD)) { 00002007 if (num == 1) /* Write only */ 00002008 i2c_smbus_add_pec(&msg[0]); 00002009 else /* Write followed by read */ 00002010 partial_pec = i2c_smbus_msg_pec(0, &msg[0]); 00002011 } 00002012 /* Ask for PEC if last message is a read */ 00002013 if (msg[num-1].flags & I2C_M_RD) 00002014 msg[num-1].len++; 00002015 } 00002016 00002017 status = i2c_transfer(adapter, msg, num); 00002018 if (status < 0) 00002019 return status; 00002020 00002021 /* Check PEC if last message is a read */ 00002022 if (i && (msg[num-1].flags & I2C_M_RD)) { 00002023 status = i2c_smbus_check_pec(partial_pec, &msg[num-1]); 00002024 if (status < 0) 00002025 return status; 00002026 } 00002027 00002028 if (read_write == I2C_SMBUS_READ) 00002029 switch (size) { 00002030 case I2C_SMBUS_BYTE: 00002031 data->byte = msgbuf0[0]; 00002032 break; 00002033 case I2C_SMBUS_BYTE_DATA: 00002034 data->byte = msgbuf1[0]; 00002035 break; 00002036 case I2C_SMBUS_WORD_DATA: 00002037 case I2C_SMBUS_PROC_CALL: 00002038 data->word = msgbuf1[0] | (msgbuf1[1] << 8); 00002039 break; 00002040 case I2C_SMBUS_I2C_BLOCK_DATA: 00002041 for (i = 0; i < data->block[0]; i++) 00002042 data->block[i+1] = msgbuf1[i]; 00002043 break; 00002044 case I2C_SMBUS_BLOCK_DATA: 00002045 case I2C_SMBUS_BLOCK_PROC_CALL: 00002046 for (i = 0; i < msgbuf1[0] + 1; i++) 00002047 data->block[i] = msgbuf1[i]; 00002048 break; 00002049 } 00002050 return 0; 00002051 }
函数很长,但是逻辑却很简单。1898行,定义msgbuf0数组用作写操作,里面放的是要写的数据,后面会看到。
1899行,定义msgbuf1数组用作读操作,这里讨论的是写操作,因此略过与读操作相关的内容。
1900行,因为read_write=I2C_SMBUS_WRITE,所以num的值为1。
1901行,定义2个message数组,同样,一个用作写,一个用作读。
1908行,msgbuf0[0] = command,即要写数据的地址。
1909行,switch(size),由于size的值为I2C_SMBUS_BYTE_DATA,所以1924行的条件成立。
1925行,条件不成立,因此直接到1928行,msg[0].len = 2,写一字节地址和写一个字节数据加起来刚好是2字节。1929行,msgbuf0[1] = data->byte,即要写入的数据。
2002至2015行,与错误检测相关的,略过它不会有什么影响。
先看2022至2050行,都是与读操作相关的,因此不说了。
再看2017行,调用i2c_transfer函数来进行传输,i2c_transfer函数的定义:
00001281 int i2c_transfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num) 00001282 { 00001283 unsigned long orig_jiffies; 00001284 int ret, try; 00001285 00001286 /* REVISIT the fault reporting model here is weak: 00001287 * 00001288 * - When we get an error after receiving N bytes from a slave, 00001289 * there is no way to report "N". 00001290 * 00001291 * - When we get a NAK after transmitting N bytes to a slave, 00001292 * there is no way to report "N" ... or to let the master 00001293 * continue executing the rest of this combined message, if 00001294 * that's the appropriate response. 00001295 * 00001296 * - When for example "num" is two and we successfully complete 00001297 * the first message but get an error part way through the 00001298 * second, it's unclear whether that should be reported as 00001299 * one (discarding status on the second message) or errno 00001300 * (discarding status on the first one). 00001301 */ 00001302 00001303 if (adap->algo->master_xfer) { 00001304 #ifdef DEBUG 00001305 for (ret = 0; ret < num; ret++) { 00001306 dev_dbg(&adap->dev, "master_xfer[%d] %c, addr=0x%02x, " 00001307 "len=%d%s\n", ret, (msgs[ret].flags & I2C_M_RD) 00001308 ? 'R' : 'W', msgs[ret].addr, msgs[ret].len, 00001309 (msgs[ret].flags & I2C_M_RECV_LEN) ? "+" : ""); 00001310 } 00001311 #endif 00001312 00001313 if (in_atomic() || irqs_disabled()) { 00001314 ret = i2c_trylock_adapter(adap); 00001315 if (!ret) 00001316 /* I2C activity is ongoing. */ 00001317 return -EAGAIN; 00001318 } else { 00001319 i2c_lock_adapter(adap); 00001320 } 00001321 00001322 /* Retry automatically on arbitration loss */ 00001323 orig_jiffies = jiffies; 00001324 for (ret = 0, try = 0; try <= adap->retries; try++) { 00001325 ret = adap->algo->master_xfer(adap, msgs, num); 00001326 if (ret != -EAGAIN) 00001327 break; 00001328 if (time_after(jiffies, orig_jiffies + adap->timeout)) 00001329 break; 00001330 } 00001331 i2c_unlock_adapter(adap); 00001332 00001333 return ret; 00001334 } else { 00001335 dev_dbg(&adap->dev, "I2C level transfers not supported\n"); 00001336 return -EOPNOTSUPP; 00001337 } 00001338 }
一看,呆了眼,函数里面竟然有这么多注释。
1303行,master_xfer这个指针是有赋值的,因此执行if里面的语句。
1304至1311行,调试相关的,打印一些调试信息。
1313至1320行,锁住当前的适配器。
1324行,adap->retries的值在IIC控制器初始化的时候就设置为2,因此重试2次。
1325行,调用的是drivers/i2c/busses/i2c-s3c2410.c里的s3c24xx_i2c_xfer函数,它的定义:
00000551 static int s3c24xx_i2c_xfer(struct i2c_adapter *adap, 00000552 struct i2c_msg *msgs, int num) 00000553 { 00000554 struct s3c24xx_i2c *i2c = (struct s3c24xx_i2c *)adap->algo_data; 00000555 int retry; 00000556 int ret; 00000557 00000558 for (retry = 0; retry < adap->retries; retry++) { 00000559 00000560 ret = s3c24xx_i2c_doxfer(i2c, msgs, num); 00000561 00000562 if (ret != -EAGAIN) 00000563 return ret; 00000564 00000565 dev_dbg(i2c->dev, "Retrying transmission (%d)\n", retry); 00000566 00000567 udelay(100); 00000568 } 00000569 00000570 return -EREMOTEIO; 00000571 }
