| Message ID | 1353342601-15210-1-git-send-email-svenkatr@ti.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Hi Venkat, On Mon, Nov 19 2012, Venkatraman S wrote: > From: Balaji T K <balajitk@ti.com> > > "commit ae4bf788ee9bf7c2d51b0309117d1fcccbdd50a2 > mmc: omap_hsmmc: consolidate error report handling of HSMMC IRQ" > sets both end_cmd and end_trans to 1. > > Setting end_cmd to 1 for Data Timeout/CRC leads to NULL pointer dereference of > host->cmd as the command complete has previously been handled. > Set end_cmd only in case of command Timeout/CRC. > > Moreover host->cmd->error should not be updated on data error case, only > host->data->error needs to be updated. > > Signed-off-by: Balaji T K <balajitk@ti.com> > Reviewed-by: Felipe Balbi <balbi@ti.com> > Signed-off-by: Venkatraman S <svenkatr@ti.com> Thanks, pushed all 7 patches to mmc-next for 3.8. - Chris.
On Mon, Nov 26, 2012 at 2:19 AM, Chris Ball <cjb@laptop.org> wrote: > Hi Venkat, > > On Mon, Nov 19 2012, Venkatraman S wrote: >> From: Balaji T K <balajitk@ti.com> >> >> "commit ae4bf788ee9bf7c2d51b0309117d1fcccbdd50a2 >> mmc: omap_hsmmc: consolidate error report handling of HSMMC IRQ" >> sets both end_cmd and end_trans to 1. >> >> Setting end_cmd to 1 for Data Timeout/CRC leads to NULL pointer dereference of >> host->cmd as the command complete has previously been handled. >> Set end_cmd only in case of command Timeout/CRC. >> >> Moreover host->cmd->error should not be updated on data error case, only >> host->data->error needs to be updated. >> >> Signed-off-by: Balaji T K <balajitk@ti.com> >> Reviewed-by: Felipe Balbi <balbi@ti.com> >> Signed-off-by: Venkatraman S <svenkatr@ti.com> > > Thanks, pushed all 7 patches to mmc-next for 3.8. > Great - Thank you ! -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c index 5434fd8..0fcf792 100644 --- a/drivers/mmc/host/omap_hsmmc.c +++ b/drivers/mmc/host/omap_hsmmc.c @@ -969,10 +969,14 @@ static inline void omap_hsmmc_reset_controller_fsm(struct omap_hsmmc_host *host, __func__); } -static void hsmmc_command_incomplete(struct omap_hsmmc_host *host, int err) +static void hsmmc_command_incomplete(struct omap_hsmmc_host *host, + int err, int end_cmd) { omap_hsmmc_reset_controller_fsm(host, SRC); - host->cmd->error = err; + if (end_cmd) { + if (host->cmd) + host->cmd->error = err; + } if (host->data) { omap_hsmmc_reset_controller_fsm(host, SRD); @@ -991,14 +995,16 @@ static void omap_hsmmc_do_irq(struct omap_hsmmc_host *host, int status) if (status & ERR) { omap_hsmmc_dbg_report_irq(host, status); + + if (status & (CMD_TIMEOUT | CMD_CRC)) + end_cmd = 1; if (status & (CMD_TIMEOUT | DATA_TIMEOUT)) - hsmmc_command_incomplete(host, -ETIMEDOUT); + hsmmc_command_incomplete(host, -ETIMEDOUT, end_cmd); else if (status & (CMD_CRC | DATA_CRC)) - hsmmc_command_incomplete(host, -EILSEQ); + hsmmc_command_incomplete(host, -EILSEQ, end_cmd); - end_cmd = 1; if (host->data || host->response_busy) { - end_trans = 1; + end_trans = !end_cmd; host->response_busy = 0; } }