Commit cfbf9980 authored Dec 31, 2016 by Finn Thain Committed by Michael Ellerman Feb 07, 2017

via-cuda: Fix re-initialization of reply_ptr and reading_reply



When reading_reply is set, reply_ptr points into an adb_request struct.
Conversely, when reply_ptr instead points into the global cuda_rbuf,
reading_reply must be false.

Unfortunately, this rule can be violated because re-initialization
of reply_ptr and reading_reply presently depends on the TREQ input.

Fix this by re-initializing reply_ptr and reading_reply as soon as they
are known to be invalid.

Tested-by: Stan Johnson <userm57@yahoo.com>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

parent fe73b582

drivers/macintosh/via-cuda.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -592,6 +592,7 @@ cuda_interrupt(int irq, void *arg)
		}
		current_req = req->next;
		complete = 1;
		reading_reply = 0;
		} else {
		/* This is tricky. We must break the spinlock to call
		* cuda_input. However, doing so means we might get
		@@ -603,11 +604,10 @@ cuda_interrupt(int irq, void *arg)
		ibuf_len = reply_ptr - cuda_rbuf;
		memcpy(ibuf, cuda_rbuf, ibuf_len);
		}
		reply_ptr = cuda_rbuf;
		if (TREQ_asserted(status)) {
		assert_TIP();
		cuda_state = reading;
		reply_ptr = cuda_rbuf;
		reading_reply = 0;
		} else {
		cuda_state = idle;
		cuda_start();