Hello Sascha,
On 01.10.24 11:57, Sascha Hauer wrote:
> In mci_extract_erase_group_size() we test for (IS_SD() && csd_struct_v1)
> which means that for non csd_struct_v1 SD cards we fall into the MMC
> path and evaluate ext_csd. This doesn't exist for SD cards and the
> code crashes with a NULL pointer deref.
>
> Fix this by always falling into the SD case for SD cards. Add the
> missing erase_grp_size extraction for csd_struct v0 cards. The code
> for that is taken from the corresponding Linux code.
>
> Fixes: 91a11c7d50 ("mci: add support for discarding write blocks")
> Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
Reviewed-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
Thanks for the fix,
Ahmad
> ---
> drivers/mci/mci-core.c | 17 ++++++++++++++---
> 1 file changed, 14 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/mci/mci-core.c b/drivers/mci/mci-core.c
> index ec4a5c0749..48a3df9ec9 100644
> --- a/drivers/mci/mci-core.c
> +++ b/drivers/mci/mci-core.c
> @@ -1228,9 +1228,20 @@ static void mci_extract_erase_group_size(struct mci *mci)
> return;
>
>
> - if (IS_SD(mci) && UNSTUFF_BITS(mci->csd, 126, 2) != 0) {
> - /* For SD with csd_struct v1, erase group is always one sector */
> - mci->erase_grp_size = 1;
> + if (IS_SD(mci)) {
> + if (UNSTUFF_BITS(mci->csd, 126, 2) == 0) {
> + unsigned int write_blkbits = UNSTUFF_BITS(mci->csd, 22, 4);
> +
> + if (UNSTUFF_BITS(mci->csd, 46, 1)) {
> + mci->erase_grp_size = 1;
> + } else if (write_blkbits >= 9) {
> + mci->erase_grp_size = UNSTUFF_BITS(mci->csd, 39, 7) + 1;
> + mci->erase_grp_size <<= write_blkbits - 9;
> + }
> + } else {
> + /* For SD with csd_struct v1, erase group is always one sector */
> + mci->erase_grp_size = 1;
> + }
> } else {
> if (mci->ext_csd[EXT_CSD_ERASE_GROUP_DEF] & 0x01) {
> /* Read out group size from ext_csd */
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
