pdev->id is -1 when only one device exists, and is used:
* as an index into drv_mode[] to determine whether to use
PIO or DMA mode (via host->id)
* as an index into msdc_6575_host[], to store the
mmc_priv() data.
Obviously, -1 is not a valid index in either case, causing
us to read invalid memory, and memory corruption,
respectively.
The invalid memory read is causing non-deterministic
behaviour, in particular in the v4.4 kernel it still
picked DMA mode, but in the v4.9 it now always picks
PIO mode.
Also, PIO mode doesn't work, causing the following:
/ # echo 3 > /proc/sys/vm/drop_caches
[ 3845.249237] sh (128): drop_caches: 3
/ # /root/usr/lib/libc.so
[ 3846.096070] do_page_fault(): sending SIGSEGV to libc.so for invalid read access from 7f9cb5a0
[ 3846.104758] epc = 779b0ea4 in libc.so[7792f000+c3000]
[ 3846.109907] ra = 779a8004 in libc.so[7792f000+c3000]
Segmentation fault
/ # /root/usr/lib/libc.so
musl libc (mipsel-sf)
Version 1.1.16-git-40-g54807d47
Dynamic Program Loader
Usage: /root/usr/lib/libc.so [options] [--] pathname [args]
(i.e. initial page-in of any binary causes a segfault,
subsequent access works.)
While this change doesn't fix PIO mode, it at least makes
us deterministically use DMA (which works), and it also
stops us from corrupting memory.
Signed-off-by: André Draszik <git@andred.net>
