diff options
author | Doug Anderson <dianders@chromium.org> | 2015-04-03 11:13:07 -0700 |
---|---|---|
committer | Ulf Hansson <ulf.hansson@linaro.org> | 2015-04-09 09:08:32 +0200 |
commit | 49ba030221d23ad8e35deb66b74873b852f4d7bf (patch) | |
tree | 5278c1a485d331df11679c9b76bca0e09257d286 | |
parent | fd6741983386a7ec1c707a4c93e7a26e383cc571 (diff) | |
download | op-kernel-dev-49ba030221d23ad8e35deb66b74873b852f4d7bf.zip op-kernel-dev-49ba030221d23ad8e35deb66b74873b852f4d7bf.tar.gz |
mmc: dw_mmc: Add locking around cmd11 timer
It is possible for the cmd11 interrupt to fire and delete the
cmd11_timer before the cmd11_timer was actually setup. Let's fix this
race by adding a few spinlocks. Note that the race wasn't seen in
practice without adding some printk statements, but it still seems
wise to fix.
Fixes: 5c935165da79 ("mmc: dw_mmc: Add a timeout for sending CMD11")
Signed-off-by: Doug Anderson <dianders@chromium.org>
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
-rw-r--r-- | drivers/mmc/host/dw_mmc.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c index c2b5683..38b2926 100644 --- a/drivers/mmc/host/dw_mmc.c +++ b/drivers/mmc/host/dw_mmc.c @@ -1023,14 +1023,23 @@ static void __dw_mci_start_request(struct dw_mci *host, dw_mci_start_command(host, cmd, cmdflags); if (cmd->opcode == SD_SWITCH_VOLTAGE) { + unsigned long irqflags; + /* * Databook says to fail after 2ms w/ no response, but evidence * shows that sometimes the cmd11 interrupt takes over 130ms. * We'll set to 500ms, plus an extra jiffy just in case jiffies * is just about to roll over. + * + * We do this whole thing under spinlock and only if the + * command hasn't already completed (indicating the the irq + * already ran so we don't want the timeout). */ - mod_timer(&host->cmd11_timer, - jiffies + msecs_to_jiffies(500) + 1); + spin_lock_irqsave(&host->irq_lock, irqflags); + if (!test_bit(EVENT_CMD_COMPLETE, &host->pending_events)) + mod_timer(&host->cmd11_timer, + jiffies + msecs_to_jiffies(500) + 1); + spin_unlock_irqrestore(&host->irq_lock, irqflags); } if (mrq->stop) @@ -2160,11 +2169,20 @@ static irqreturn_t dw_mci_interrupt(int irq, void *dev_id) /* Check volt switch first, since it can look like an error */ if ((host->state == STATE_SENDING_CMD11) && (pending & SDMMC_INT_VOLT_SWITCH)) { - del_timer(&host->cmd11_timer); + unsigned long irqflags; mci_writel(host, RINTSTS, SDMMC_INT_VOLT_SWITCH); pending &= ~SDMMC_INT_VOLT_SWITCH; + + /* + * Hold the lock; we know cmd11_timer can't be kicked + * off after the lock is released, so safe to delete. + */ + spin_lock_irqsave(&host->irq_lock, irqflags); dw_mci_cmd_interrupt(host, pending); + spin_unlock_irqrestore(&host->irq_lock, irqflags); + + del_timer(&host->cmd11_timer); } if (pending & DW_MCI_CMD_ERROR_FLAGS) { |