In function sdhci_request(), it is possible to do the tuning execution
like below:

sdhci_request() {
	spin_lock_irqsave(&host->lock, flags);
	host->mrq = mrq;
	...
	spin_unlock_irqrestore(&host->lock, flags);

<=== Here it is possible one pending finish_tasklet get running
     and it will operate the original mrq, and notified the mrq
     is done, and causes memory corruption.

	sdhci_execute_tuning(mmc, tuning_opcode);
	spin_lock_irqsave(&host->lock, flags);
	host->mrq = mrq;
...
}

In the above race place, the original mrq should not be finished wrongly,
so here before unlock the spinlock, we need to set the host->mrq to NULL
to avoid this case.
Signed-off-by: NLiu, Chuansheng <chuansheng.liu@intel.com>
Signed-off-by: NChris Ball <cjb@laptop.org>