Hi,

On 19 February 2013 15:14, Anatolij Gustschin <agust@xxxxxxx> wrote:
> On Fri, 7 Sep 2012 12:43:37 +0200
> Javier Martin <javier.martin@xxxxxxxxxxxxxxxxx> wrote:
> ...
>> +static void mxcmci_dma_callback(void *data)
>> +{
>> + struct mxcmci_host *host = data;
>> + u32 stat;
>> +
>> + del_timer(&host->watchdog);
>> +
>> + stat = readl(host->base + MMC_REG_STATUS);
>> + writel(stat & ~STATUS_DATA_TRANS_DONE, host->base + MMC_REG_STATUS);
>> +
>> + dev_dbg(mmc_dev(host->mmc), "%s: 0x%08x\n", __func__, stat);
>> +
>> + if (stat & STATUS_READ_OP_DONE)
>> + writel(STATUS_READ_OP_DONE, host->base + MMC_REG_STATUS);
>> +
>> + mxcmci_data_done(host, stat);
>
> this change introduces a race condition for host->req (and maybe
> for host->data) accesses. The callback is running in soft-irq context and can
> be interrupted by the mxcmci_irq() interrupt which can finish the request and
> set host->req to NULL. Then mxcmci_data_done() crashes with a null pointer
> dereference. How extensively was it tested?

It was tested executing a loop with bonnie++ for a week. I didn't
notice the race condition. Have you had real issues or just found it
by analysing the code?

Regards.
--
Javier Martin
Vista Silicon S.L.
CDTUC - FASE C - Oficina S-345
Avda de los Castros s/n
39005- Santander. Cantabria. Spain
+34 942 25 32 60
www.vista-silicon.com
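
Review bot: in the quoted mxcmci_dma_callback() hunk, the final call mxcmci_data_done(host, stat) is made with no lock taken and no check that the request is still pending anywhere in the visible lines, so the completion path is not serialized against any other context that can finish the same request (the reply names mxcmci_irq()). Suggest deciding under a lock shared with the interrupt handler which path owns the completion, and returning early from the callback when the request has already been finished, so host->req and host->data are never used after the other path has cleared them. Also, del_timer(&host->watchdog) at the top of the callback does not wait for a timer handler that is already running on another CPU, so if the watchdog handler can also complete the request it needs the same ownership check. The two writes to MMC_REG_STATUS would benefit from a short comment saying which status bits each one is meant to acknowledge.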