Re: [PATCH] mmc: mediatek: fix race condition between msdc_request_timeout and irq

From: Ulf Hansson
Date: Wed Jan 13 2021 - 06:26:17 EST


On Fri, 18 Dec 2020 at 08:16, Chaotian Jing <chaotian.jing@xxxxxxxxxxxx> wrote:
>
> When a request SW timeout occurs, if the CMD/DAT xfer done irq arrives at
> that moment, then there is a race between the msdc_request_timeout work and
> the irq handler, and host->cmd and host->data may be set to NULL in the irq
> handler. Also, the current flow ensures that only one path can go to
> msdc_request_done(), so there is no need to check the return value of
> cancel_delayed_work().
>
> Signed-off-by: Chaotian Jing <chaotian.jing@xxxxxxxxxxxx>

Applied for next, thanks!

Kind regards
Uffe


> ---
> drivers/mmc/host/mtk-sd.c | 18 ++++++++++--------
> 1 file changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c
> index de09c6347524..898ed1b023df 100644
> --- a/drivers/mmc/host/mtk-sd.c
> +++ b/drivers/mmc/host/mtk-sd.c
> @@ -1127,13 +1127,13 @@ static void msdc_track_cmd_data(struct msdc_host *host,
> static void msdc_request_done(struct msdc_host *host, struct mmc_request *mrq)
> {
> unsigned long flags;
> - bool ret;
>
> - ret = cancel_delayed_work(&host->req_timeout);
> - if (!ret) {
> - /* delay work already running */
> - return;
> - }
> + /*
> + * No need check the return value of cancel_delayed_work, as only ONE
> + * path will go here!
> + */
> + cancel_delayed_work(&host->req_timeout);
> +
> spin_lock_irqsave(&host->lock, flags);
> host->mrq = NULL;
> spin_unlock_irqrestore(&host->lock, flags);
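
Review bot: the new comment in msdc_request_done() asserts that only one path gets here but does not say what enforces that, and cancel_delayed_work() (unlike cancel_delayed_work_sync()) does not wait for a timeout work that is already executing, which is the case the removed "delay work already running" branch returned on. Please name the mechanism in the comment, for example the "if (done) return true;" checks in msdc_cmd_done() and msdc_data_xfer_done() if those are what guarantee it, so a reader can verify that a running msdc_request_timeout cannot also reach the host->mrq = NULL below.
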
> @@ -1155,7 +1155,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events,
> bool done = false;
> bool sbc_error;
> unsigned long flags;
> - u32 *rsp = cmd->resp;
> + u32 *rsp;
>
> if (mrq->sbc && cmd == mrq->cmd &&
> (events & (MSDC_INT_ACMDRDY | MSDC_INT_ACMDCRCERR
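
Review bot: mrq->sbc and mrq->cmd at the top of msdc_cmd_done() are still read before the done check, while the cmd->resp initializer is being moved behind it. msdc_request_done() sets host->mrq = NULL, so please confirm that the path which loses the race can never be handed an mrq that the other path has already completed, or state in a comment why mrq is safe to read at this point.
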
> @@ -1176,6 +1176,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events,
>
> if (done)
> return true;
> + rsp = cmd->resp;
>
> sdr_clr_bits(host->base + MSDC_INTEN, cmd_ints_mask);
>
> @@ -1363,7 +1364,7 @@ static void msdc_data_xfer_next(struct msdc_host *host,
> static bool msdc_data_xfer_done(struct msdc_host *host, u32 events,
> struct mmc_request *mrq, struct mmc_data *data)
> {
> - struct mmc_command *stop = data->stop;
> + struct mmc_command *stop;
> unsigned long flags;
> bool done;
> unsigned int check_data = events &
> @@ -1379,6 +1380,7 @@ static bool msdc_data_xfer_done(struct msdc_host *host, u32 events,
>
> if (done)
> return true;
> + stop = data->stop;
>
> if (check_data || (stop && stop->error)) {
> dev_dbg(host->dev, "DMA status: 0x%8X\n",
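
Review bot: "stop = data->stop;" after "if (done) return true;" in msdc_data_xfer_done() has no comment saying why data may only be read once the done check has passed, so a later cleanup could fold it back into the declaration and reintroduce the early read. A one-line comment above the assignment would guard against that, and the same applies to "rsp = cmd->resp;" in msdc_cmd_done(). A blank line between "return true;" and the assignment would also match the spacing of the surrounding statements.
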
> --
> 2.18.0
>