summaryrefslogtreecommitdiff
path: root/drivers/mmc
diff options
context:
space:
mode:
authorBalaji T K <balajitk@ti.com>2012-11-19 21:59:55 +0530
committerChris Ball <cjb@laptop.org>2012-12-06 13:54:54 -0500
commit25e1897bf59b917a696b84b8cf28a5373157404d (patch)
tree34b1186e075e071c446c61ac819234c85b53958f /drivers/mmc
parentab269128a2cff7abee06f023e6466fc29991738c (diff)
downloadlwn-25e1897bf59b917a696b84b8cf28a5373157404d.tar.gz
lwn-25e1897bf59b917a696b84b8cf28a5373157404d.zip
mmc: omap_hsmmc: Fix Oops in case of data errors
ae4bf788ee9 ("mmc: omap_hsmmc: consolidate error report handling of HSMMC IRQ") sets both end_cmd and end_trans to 1. Setting end_cmd to 1 for Data Timeout/CRC leads to NULL pointer dereference of host->cmd as the command complete has previously been handled. Set end_cmd only in case of command Timeout/CRC. Moreover host->cmd->error should not be updated on data error case, only host->data->error needs to be updated. Signed-off-by: Balaji T K <balajitk@ti.com> Reviewed-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Venkatraman S <svenkatr@ti.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Diffstat (limited to 'drivers/mmc')
-rw-r--r--drivers/mmc/host/omap_hsmmc.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c
index 5434fd8e088a..0fcf792af823 100644
--- a/drivers/mmc/host/omap_hsmmc.c
+++ b/drivers/mmc/host/omap_hsmmc.c
@@ -969,10 +969,14 @@ static inline void omap_hsmmc_reset_controller_fsm(struct omap_hsmmc_host *host,
__func__);
}
-static void hsmmc_command_incomplete(struct omap_hsmmc_host *host, int err)
+static void hsmmc_command_incomplete(struct omap_hsmmc_host *host,
+ int err, int end_cmd)
{
omap_hsmmc_reset_controller_fsm(host, SRC);
- host->cmd->error = err;
+ if (end_cmd) {
+ if (host->cmd)
+ host->cmd->error = err;
+ }
if (host->data) {
omap_hsmmc_reset_controller_fsm(host, SRD);
@@ -991,14 +995,16 @@ static void omap_hsmmc_do_irq(struct omap_hsmmc_host *host, int status)
if (status & ERR) {
omap_hsmmc_dbg_report_irq(host, status);
+
+ if (status & (CMD_TIMEOUT | CMD_CRC))
+ end_cmd = 1;
if (status & (CMD_TIMEOUT | DATA_TIMEOUT))
- hsmmc_command_incomplete(host, -ETIMEDOUT);
+ hsmmc_command_incomplete(host, -ETIMEDOUT, end_cmd);
else if (status & (CMD_CRC | DATA_CRC))
- hsmmc_command_incomplete(host, -EILSEQ);
+ hsmmc_command_incomplete(host, -EILSEQ, end_cmd);
- end_cmd = 1;
if (host->data || host->response_busy) {
- end_trans = 1;
+ end_trans = !end_cmd;
host->response_busy = 0;
}
}