Re: [PATCH 3/3] mmc: card: fix the remove of blk on suspend

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 26 August 2013 08:47, Seungwon Jeon <tgih.jun@xxxxxxxxxxx> wrote:
> On Friday, August 23 2013, Jaehoon Chung wrote:
>> On 08/23/2013 06:23 PM, Ulf Hansson wrote:
>> > On 21 August 2013 14:42, Seungwon Jeon <tgih.jun@xxxxxxxxxxx> wrote:
>> >> From 029a839ddf6f13a1e1a8bf4d4bc32b67712593ec Mon Sep 17 00:00:00 2001
>> >> From: Seungwon Jeon <tgih.jun@xxxxxxxxxxx>
>> >> Date: Wed, 21 Aug 2013 17:30:02 +0900
>> >> Subject: [PATCH 3/3] mmc: fix the remove of blk on suspend
>> >>
>> >> As mmc_cleanup_queue() is moved, NULL pointer access to card of
>> >> mmc_queue is happened since commit fdfa20c1(mmc: reordered shutdown
>> >> sequence mmc_bld_remove_req).
>> >>
>> >> Here, mmc_cleanup_queue is split into two parts.
>> >> One is to quit the mmc_queue and two is to clean up the resource
>> >> of mmc_queue.
>> >>
>> >> The following is log message related to the problem.
>> >>
>> >> Unable to handle kernel NULL pointer dereference at virtual address 000002a8
>> >> pgd = ecd9c000
>> >> [000002a8] *pgd=6d082831, *pte=00000000, *ppte=00000000
>> >> Internal error: Oops: 17 [#1] SMP ARM
>> >> Modules linked in: bnep rfcomm smsc95xx usbnet mii bluetooth nfsd lockd nfs_acl exportfs
>> auth_rpcgss sunrpc oid_registry vfat fat btrfs raid6_pq xor zlib_deflate
>> >> CPU: 3 PID: 2384 Comm: bash Not tainted 3.11.0-rc4-00869-ga7143f1-dirty #60
>> >> task: c46d9b00 ti: ecefc000 task.ti: ecefc000
>> >> PC is at mmc_blk_remove_req+0x58/0x88
>> >> LR is at _raw_spin_unlock_irqrestore+0xc/0x14
>> >> pc : [<c034e7d8>]    lr : [<c0494ac8>]    psr: 200f0053
>> >> sp : ecefddf8  ip : 00000000  fp : 000dc1e8
>> >> r10: c058ead8  r9 : ecce3f18  r8 : 00100100
>> >> r7 : 00200200  r6 : c26b7118  r5 : 00000000  r4 : c26b1dc0
>> >> r3 : 00000002  r2 : 00000000  r1 : 200f0053  r0 : 00000000
>> >> Flags: nzCv  IRQs on  FIQs off  Mode SVC_32  ISA ARM  Segment user
>> >> Control: 10c5387d  Table: 6cd9c04a  DAC: 00000015
>> >> Process bash (pid: 2384, stack limit = 0xecefc240)
>> >> Stack: (0xecefddf8 to 0xecefe000)
>> >> <...>
>> >> [<c034e7d8>] (mmc_blk_remove_req+0x58/0x88) from [<c03512d0>]
>> >> (mmc_blk_remove_parts.isra.5+0x90/0xa8)
>> >> [<c03512d0>] (mmc_blk_remove_parts.isra.5+0x90/0xa8) from
>> >> [<c0351308>] (mmc_blk_remove+0x20/0x128)
>> >> [<c0351308>] (mmc_blk_remove+0x20/0x128) from [<c034409c>] (mmc_bus_remove+0x18/0x20)
>> >> [<c034409c>] (mmc_bus_remove+0x18/0x20) from [<c0265a20>] (__device_release_driver+0x7c/0xc8)
>> >> [<c0265a20>] (__device_release_driver+0x7c/0xc8) from [<c0265a88>] (device_release_driver+0x1c/0x28)
>> >> [<c0265a88>] (device_release_driver+0x1c/0x28) from [<c0265410>] (bus_remove_device+0x100/0x11c)
>> >> [<c0265410>] (bus_remove_device+0x100/0x11c) from [<c0262c04>] (device_del+0x110/0x174)
>> >> [<c0262c04>] (device_del+0x110/0x174) from [<c034463c>] (mmc_remove_card+0x64/0x78)
>> >> [<c034463c>] (mmc_remove_card+0x64/0x78) from [<c0345124>] (mmc_remove+0x24/0x30)
>> >> [<c0345124>] (mmc_remove+0x24/0x30) from [<c0343fb0>] (mmc_pm_notify+0x94/0xf8)
>> >> [<c0343fb0>] (mmc_pm_notify+0x94/0xf8) from [<c00413b4>] (notifier_call_chain+0x44/0x84)
>> >> [<c00413b4>] (notifier_call_chain+0x44/0x84) from [<c00417b4>]
>> (__blocking_notifier_call_chain+0x48/0x60)
>> >> [<c00417b4>] (__blocking_notifier_call_chain+0x48/0x60) from [<c00417e4>]
>> (blocking_notifier_call_chain+0x18/0x20)
>> >> [<c00417e4>] (blocking_notifier_call_chain+0x18/0x20) from [<c0059d48>]
>> (pm_notifier_call_chain+0x14/0x2c)
>> >> [<c0059d48>] (pm_notifier_call_chain+0x14/0x2c) from [<c005aa9c>] (pm_suspend+0xac/0x24c)
>> >> [<c005aa9c>] (pm_suspend+0xac/0x24c) from [<c0059a68>] (state_store+0xb0/0xc4)
>> >> [<c0059a68>] (state_store+0xb0/0xc4) from [<c01d610c>] (kobj_attr_store+0x14/0x20)
>> >> [<c01d610c>] (kobj_attr_store+0x14/0x20) from [<c012b224>] (sysfs_write_file+0x118/0x164)
>> >> [<c012b224>] (sysfs_write_file+0x118/0x164) from [<c00d59d4>] (vfs_write+0xd8/0x178)
>> >> [<c00d59d4>] (vfs_write+0xd8/0x178) from [<c00d5d3c>] (SyS_write+0x40/0x68)
>> >> [<c00d5d3c>] (SyS_write+0x40/0x68) from [<c000ea20>] (ret_fast_syscall+0x0/0x30)
>> >> Code: ebfc509b e59432dc e3130002 0a000006 (e5d532a8)
>> >>
>> >> Reported-by: Alban Browaeys <prahal@xxxxxxxxx>
>> >> Signed-off-by: Seungwon Jeon <tgih.jun@xxxxxxxxxxx>
>> >
>> > Acked-by: Ulf Hansson <ulf.hansson@xxxxxxxxxx>
>>
>> Acked-by: Jaehoon Chung <jh80.chung@xxxxxxxxxxx>
>>
>> Best Regards,
>> Jaehoon Chung
>
> Ulf and Jaehoon,
> Thank you for acks.
>
> But it could be replaced with [PATCH] mmc: fix null pointer use in mmc_blk_remove_req.
> We would have found that. It has been merged.

I noticed that now as well.

So this patch can be completely dropped then?

Kind regards
Ulf Hansson

>
> Thanks,
> Seungwon Jeon
>
>> >
>> >> ---
>> >>  drivers/mmc/card/block.c |    9 ++++++---
>> >>  drivers/mmc/card/queue.c |   11 ++++++++---
>> >>  drivers/mmc/card/queue.h |    1 +
>> >>  3 files changed, 15 insertions(+), 6 deletions(-)
>> >>
>> >> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
>> >> index cd0b7f4..1e6726d 100644
>> >> --- a/drivers/mmc/card/block.c
>> >> +++ b/drivers/mmc/card/block.c
>> >> @@ -2191,9 +2191,7 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md)
>> >>                  * is freeing the queue that stops new requests
>> >>                  * from being accepted.
>> >>                  */
>> >> -               mmc_cleanup_queue(&md->queue);
>> >> -               if (md->flags & MMC_BLK_PACKED_CMD)
>> >> -                       mmc_packed_clean(&md->queue);
>> >> +               mmc_quit_queue(&md->queue);
>> >>                 card = md->queue.card;
>> >>                 if (md->disk->flags & GENHD_FL_UP) {
>> >>                         device_remove_file(disk_to_dev(md->disk), &md->force_ro);
>> >> @@ -2204,6 +2202,11 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md)
>> >>
>> >>                         del_gendisk(md->disk);
>> >>                 }
>> >> +
>> >> +               mmc_cleanup_queue(&md->queue);
>> >> +               if (md->flags & MMC_BLK_PACKED_CMD)
>> >> +                       mmc_packed_clean(&md->queue);
>> >> +
>> >>                 mmc_blk_put(md);
>> >>         }
>> >>  }
>> >> diff --git a/drivers/mmc/card/queue.c b/drivers/mmc/card/queue.c
>> >> index fa9632e..82e5550 100644
>> >> --- a/drivers/mmc/card/queue.c
>> >> +++ b/drivers/mmc/card/queue.c
>> >> @@ -318,12 +318,10 @@ int mmc_init_queue(struct mmc_queue *mq, struct mmc_card *card,
>> >>         return ret;
>> >>  }
>> >>
>> >> -void mmc_cleanup_queue(struct mmc_queue *mq)
>> >> +void mmc_quit_queue(struct mmc_queue *mq)
>> >>  {
>> >>         struct request_queue *q = mq->queue;
>> >>         unsigned long flags;
>> >> -       struct mmc_queue_req *mqrq_cur = mq->mqrq_cur;
>> >> -       struct mmc_queue_req *mqrq_prev = mq->mqrq_prev;
>> >>
>> >>         /* Make sure the queue isn't suspended, as that will deadlock */
>> >>         mmc_queue_resume(mq);
>> >> @@ -336,6 +334,13 @@ void mmc_cleanup_queue(struct mmc_queue *mq)
>> >>         q->queuedata = NULL;
>> >>         blk_start_queue(q);
>> >>         spin_unlock_irqrestore(q->queue_lock, flags);
>> >> +}
>> >> +EXPORT_SYMBOL(mmc_quit_queue);
>> >> +
>> >> +void mmc_cleanup_queue(struct mmc_queue *mq)
>> >> +{
>> >> +       struct mmc_queue_req *mqrq_cur = mq->mqrq_cur;
>> >> +       struct mmc_queue_req *mqrq_prev = mq->mqrq_prev;
>> >>
>> >>         kfree(mqrq_cur->bounce_sg);
>> >>         mqrq_cur->bounce_sg = NULL;
>> >> diff --git a/drivers/mmc/card/queue.h b/drivers/mmc/card/queue.h
>> >> index 5752d50..a3d89a2 100644
>> >> --- a/drivers/mmc/card/queue.h
>> >> +++ b/drivers/mmc/card/queue.h
>> >> @@ -61,6 +61,7 @@ struct mmc_queue {
>> >>
>> >>  extern int mmc_init_queue(struct mmc_queue *, struct mmc_card *, spinlock_t *,
>> >>                           const char *);
>> >> +extern void mmc_quit_queue(struct mmc_queue *);
>> >>  extern void mmc_cleanup_queue(struct mmc_queue *);
>> >>  extern void mmc_queue_suspend(struct mmc_queue *);
>> >>  extern void mmc_queue_resume(struct mmc_queue *);
>> >> --
>> >> 1.7.0.4
>> >>
>> >>
>> >> --
>> >> To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
>> >> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> >> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>> > --
>> > To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
>> > the body of a message to majordomo@xxxxxxxxxxxxxxx
>> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
>> >
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux USB Devel]     [Linux Media]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux