mmc: omap_hsmmc: Fix Oops in case of data errors
authorBalaji T K <balajitk@ti.com>
Mon, 19 Nov 2012 16:29:55 +0000 (21:59 +0530)
committerChris Ball <cjb@laptop.org>
Thu, 6 Dec 2012 18:54:54 +0000 (13:54 -0500)
ae4bf788ee9 ("mmc: omap_hsmmc: consolidate error report handling of HSMMC
IRQ") sets both end_cmd and end_trans to 1.

Setting end_cmd to 1 for Data Timeout/CRC leads to NULL pointer dereference of
host->cmd as the command complete has previously been handled.
Set end_cmd only in case of command Timeout/CRC.

Moreover, host->cmd->error should not be updated in the data error case; only
host->data->error needs to be updated.

Signed-off-by: Balaji T K <balajitk@ti.com>
Reviewed-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Venkatraman S <svenkatr@ti.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
drivers/mmc/host/omap_hsmmc.c

index 5434fd8e088ada0bb7b360f5028f58b05320e15e..0fcf792af82374ff1ffa9085a3877fcb07a72028 100644 (file)
@@ -969,10 +969,14 @@ static inline void omap_hsmmc_reset_controller_fsm(struct omap_hsmmc_host *host,
                        __func__);
 }
 
-static void hsmmc_command_incomplete(struct omap_hsmmc_host *host, int err)
+static void hsmmc_command_incomplete(struct omap_hsmmc_host *host,
+                                       int err, int end_cmd)
 {
        omap_hsmmc_reset_controller_fsm(host, SRC);
-       host->cmd->error = err;
+       if (end_cmd) {
+               if (host->cmd)
+                       host->cmd->error = err;
+       }
 
        if (host->data) {
                omap_hsmmc_reset_controller_fsm(host, SRD);
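Review bot: The nested test `if (end_cmd) { if (host->cmd)` reads more clearly as a single condition, `if (end_cmd && host->cmd)`. It also deserves a comment on why host->cmd may be NULL here, for example `/* a data error can arrive after the command has completed and host->cmd was cleared */`. Since end_cmd only ever carries 0 or 1, `bool` would state the intent of the new parameter better than `int`. The body of hsmmc_command_incomplete continues past the end of this hunk, so the data-side handling is not reviewed here.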
@@ -991,14 +995,16 @@ static void omap_hsmmc_do_irq(struct omap_hsmmc_host *host, int status)
 
        if (status & ERR) {
                omap_hsmmc_dbg_report_irq(host, status);
+
+               if (status & (CMD_TIMEOUT | CMD_CRC))
+                       end_cmd = 1;
                if (status & (CMD_TIMEOUT | DATA_TIMEOUT))
-                       hsmmc_command_incomplete(host, -ETIMEDOUT);
+                       hsmmc_command_incomplete(host, -ETIMEDOUT, end_cmd);
                else if (status & (CMD_CRC | DATA_CRC))
-                       hsmmc_command_incomplete(host, -EILSEQ);
+                       hsmmc_command_incomplete(host, -EILSEQ, end_cmd);
 
-               end_cmd = 1;
                if (host->data || host->response_busy) {
-                       end_trans = 1;
+                       end_trans = !end_cmd;
                        host->response_busy = 0;
                }
        }
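Review bot: end_cmd is set at `if (status & (CMD_TIMEOUT | CMD_CRC))` without checking host->cmd, although the new guard in hsmmc_command_incomplete shows that host->cmd is expected to be NULL at times. The code that consumes end_cmd lies after this hunk and is not visible. If it hands host->cmd to the command-completion path whenever end_cmd is set, a command error bit raised with no command in flight would still dereference NULL in interrupt context. Writing `if ((status & (CMD_TIMEOUT | CMD_CRC)) && host->cmd)` would keep the two checks consistent. Separately, err is picked from the combined mask, so a status carrying both CMD_CRC and DATA_TIMEOUT would record -ETIMEDOUT on the command; whether the controller can raise both together is not clear from the hunk.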