mmc: mediatek: fix race condition between msdc_request_timeout and irq

when get request SW timeout, if CMD/DAT xfer done irq coming right now,
then there is race between the msdc_request_timeout work and irq handler,
and the host->cmd and host->data may set to NULL in irq handler. also,
current flow ensure that only one path can go to msdc_request_done(), so
no need check the return value of cancel_delayed_work().

Signed-off-by: Chaotian Jing <chaotian.jing@mediatek.com>
Link: https://lore.kernel.org/r/20201218071611.12276-1-chaotian.jing@mediatek.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
This commit is contained in:
Chaotian Jing 2020-12-18 15:16:11 +08:00 committed by Ulf Hansson
parent 69e7d76afd
commit 0354ca6edd

View File

@ -1127,13 +1127,13 @@ static void msdc_track_cmd_data(struct msdc_host *host,
static void msdc_request_done(struct msdc_host *host, struct mmc_request *mrq) static void msdc_request_done(struct msdc_host *host, struct mmc_request *mrq)
{ {
unsigned long flags; unsigned long flags;
bool ret;
ret = cancel_delayed_work(&host->req_timeout); /*
if (!ret) { * No need check the return value of cancel_delayed_work, as only ONE
/* delay work already running */ * path will go here!
return; */
} cancel_delayed_work(&host->req_timeout);
spin_lock_irqsave(&host->lock, flags); spin_lock_irqsave(&host->lock, flags);
host->mrq = NULL; host->mrq = NULL;
spin_unlock_irqrestore(&host->lock, flags); spin_unlock_irqrestore(&host->lock, flags);
@ -1155,7 +1155,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events,
bool done = false; bool done = false;
bool sbc_error; bool sbc_error;
unsigned long flags; unsigned long flags;
u32 *rsp = cmd->resp; u32 *rsp;
if (mrq->sbc && cmd == mrq->cmd && if (mrq->sbc && cmd == mrq->cmd &&
(events & (MSDC_INT_ACMDRDY | MSDC_INT_ACMDCRCERR (events & (MSDC_INT_ACMDRDY | MSDC_INT_ACMDCRCERR
@ -1176,6 +1176,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events,
if (done) if (done)
return true; return true;
rsp = cmd->resp;
sdr_clr_bits(host->base + MSDC_INTEN, cmd_ints_mask); sdr_clr_bits(host->base + MSDC_INTEN, cmd_ints_mask);
@ -1363,7 +1364,7 @@ static void msdc_data_xfer_next(struct msdc_host *host,
static bool msdc_data_xfer_done(struct msdc_host *host, u32 events, static bool msdc_data_xfer_done(struct msdc_host *host, u32 events,
struct mmc_request *mrq, struct mmc_data *data) struct mmc_request *mrq, struct mmc_data *data)
{ {
struct mmc_command *stop = data->stop; struct mmc_command *stop;
unsigned long flags; unsigned long flags;
bool done; bool done;
unsigned int check_data = events & unsigned int check_data = events &
@ -1379,6 +1380,7 @@ static bool msdc_data_xfer_done(struct msdc_host *host, u32 events,
if (done) if (done)
return true; return true;
stop = data->stop;
if (check_data || (stop && stop->error)) { if (check_data || (stop && stop->error)) {
dev_dbg(host->dev, "DMA status: 0x%8X\n", dev_dbg(host->dev, "DMA status: 0x%8X\n",