Thread (2 messages) 2 messages, 2 authors, 2021-01-13

Re: [PATCH] mmc: mediatek: fix race condition between msdc_request_timeout and irq

From: Ulf Hansson <hidden>
Date: 2021-01-13 11:26:28
Also in: linux-arm-kernel, linux-mmc, lkml

On Fri, 18 Dec 2020 at 08:16, Chaotian Jing [off-list ref] wrote:
when get request SW timeout, if CMD/DAT xfer done irq coming right now,
then there is race between the msdc_request_timeout work and irq handler,
and the host->cmd and host->data may set to NULL in irq handler. also,
current flow ensure that only one path can go to msdc_request_done(), so
no need check the return value of cancel_delayed_work().

Signed-off-by: Chaotian Jing <chaotian.jing@mediatek.com>
Applied for next, thanks!

Kind regards
Uffe

quoted hunk ↗ jump to hunk
---
 drivers/mmc/host/mtk-sd.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c
index de09c6347524..898ed1b023df 100644
--- a/drivers/mmc/host/mtk-sd.c
+++ b/drivers/mmc/host/mtk-sd.c
@@ -1127,13 +1127,13 @@ static void msdc_track_cmd_data(struct msdc_host *host,
 static void msdc_request_done(struct msdc_host *host, struct mmc_request *mrq)
 {
        unsigned long flags;
-       bool ret;

-       ret = cancel_delayed_work(&host->req_timeout);
-       if (!ret) {
-               /* delay work already running */
-               return;
-       }
+       /*
+        * No need check the return value of cancel_delayed_work, as only ONE
+        * path will go here!
+        */
+       cancel_delayed_work(&host->req_timeout);
+
        spin_lock_irqsave(&host->lock, flags);
        host->mrq = NULL;
        spin_unlock_irqrestore(&host->lock, flags);
@@ -1155,7 +1155,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events,
        bool done = false;
        bool sbc_error;
        unsigned long flags;
-       u32 *rsp = cmd->resp;
+       u32 *rsp;

        if (mrq->sbc && cmd == mrq->cmd &&
            (events & (MSDC_INT_ACMDRDY | MSDC_INT_ACMDCRCERR
@@ -1176,6 +1176,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events,

        if (done)
                return true;
+       rsp = cmd->resp;

        sdr_clr_bits(host->base + MSDC_INTEN, cmd_ints_mask);
@@ -1363,7 +1364,7 @@ static void msdc_data_xfer_next(struct msdc_host *host,
 static bool msdc_data_xfer_done(struct msdc_host *host, u32 events,
                                struct mmc_request *mrq, struct mmc_data *data)
 {
-       struct mmc_command *stop = data->stop;
+       struct mmc_command *stop;
        unsigned long flags;
        bool done;
        unsigned int check_data = events &
@@ -1379,6 +1380,7 @@ static bool msdc_data_xfer_done(struct msdc_host *host, u32 events,

        if (done)
                return true;
+       stop = data->stop;

        if (check_data || (stop && stop->error)) {
                dev_dbg(host->dev, "DMA status: 0x%8X\n",
--
2.18.0
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help