When reading_reply is set, reply_ptr points into an adb_request struct.
Conversely, when reply_ptr instead points into the global cuda_rbuf,
reading_reply must be false.
Unfortunately, this rule can be violated because re-initialization
of reply_ptr and reading_reply presently depends on the TREQ input.
Fix this by re-initializing reply_ptr and reading_reply as soon as they
are known to be invalid.
Tested-by: Stan Johnson <user...@yahoo.com>
Signed-off-by: Finn Thain <fth...@telegraphics.com.au>
---
drivers/macintosh/via-cuda.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/macintosh/via-cuda.c b/drivers/macintosh/via-cuda.c
index 1cf1467..ae3da6b 100644
--- a/drivers/macintosh/via-cuda.c
+++ b/drivers/macintosh/via-cuda.c
@@ -592,6 +592,7 @@ cuda_interrupt(int irq, void *arg)
}
current_req = req->next;
complete = 1;
+ reading_reply = 0;
} else {
/* This is tricky. We must break the spinlock to call
* cuda_input. However, doing so means we might get
@@ -603,11 +604,10 @@ cuda_interrupt(int irq, void *arg)
ibuf_len = reply_ptr - cuda_rbuf;
memcpy(ibuf, cuda_rbuf, ibuf_len);
}
+ reply_ptr = cuda_rbuf;
if (TREQ_asserted(status)) {
assert_TIP();
cuda_state = reading;
- reply_ptr = cuda_rbuf;
- reading_reply = 0;
} else {
cuda_state = idle;
cuda_start();
--
2.10.2
