On our board we would occasionally see what looked like a kernel hang while
doing RPMB operations. Some additional printk debugging revealed that in the
trouble case data such as this was being sent to the kernel:

[ 109.076981] idata[0]->ic->opcode = 0x19
[ 109.077027] idata[0]->ic->arg = 0x0
[ 109.080954] idata[0]->ic->write_flag = 0x1
[ 109.084691] idata[0]->ic->is_acmd = 0x0
[ 109.089007] idata[0]->ic->flags = 0xb5
[ 109.092949] idata[0]->ic->blocks = 0x1
[ 109.096865] idata[0]->ic->blksz = 0x200
[ 109.100791] idata[0]->ic->postsleep_min_us = 0x7473696e
[ 109.104745] idata[0]->ic->postsleep_max_us = 0x34383370
[ 109.110167] idata[0]->ic->data_timeout_ns = 0x7265632d
[ 109.115494] idata[0]->ic->data_ptr = 00000000e7ddd4cd
[ 109.120832] idata[0]->rpmb = 00000000ffab5640
[ 109.126077] idata[1]->ic->opcode = 0x12
[ 109.130622] idata[1]->ic->arg = 0x0
[ 109.135451] idata[1]->ic->write_flag = 0x0
[ 109.139153] idata[1]->ic->is_acmd = 0x0
[ 109.143437] idata[1]->ic->flags = 0xb5
[ 109.147553] idata[1]->ic->blocks = 0x1
[ 109.151420] idata[1]->ic->blksz = 0x200
[ 109.155251] idata[1]->ic->postsleep_min_us = 0x652d6873
[ 109.159166] idata[1]->ic->postsleep_max_us = 0x35353264
[ 109.164561] idata[1]->ic->data_timeout_ns = 0x632d3931
[ 109.169915] idata[1]->ic->data_ptr = 00000000bc641ed4
[ 109.175152] idata[1]->rpmb = 00000000ffab5640

Therefore, zero-init the MMC_IOC_MULTI_CMD structures to avoid the obscene
sleep values.

Signed-off-by: John Ernberg <john.ernberg@xxxxxxxx>
---
 mmc_cmds.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mmc_cmds.c b/mmc_cmds.c index fb37189..884cdf8 100644 --- a/mmc_cmds.c +++ b/mmc_cmds.c @@ -1922,7 +1922,7 @@ static int do_rpmb_op(int fd, /* prepare arguments for MMC_IOC_MULTI_CMD ioctl */ mioc = (struct mmc_ioc_multi_cmd *) - malloc(sizeof (struct mmc_ioc_multi_cmd) + + calloc(1, sizeof (struct mmc_ioc_multi_cmd) + RPMB_MULTI_CMD_MAX_CMDS * sizeof (struct mmc_ioc_cmd)); if (!mioc) { return -ENOMEM; -- 2.29.2
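
Review bot: at the calloc(1, sizeof (struct mmc_ioc_multi_cmd) + ...) line, nothing records that the zero-fill is now load-bearing, so the comment above it ("prepare arguments for MMC_IOC_MULTI_CMD ioctl") should say that postsleep_min_us, postsleep_max_us and data_timeout_ns rely on it, since the logged values show those fields reach the kernel without being assigned; otherwise a later cleanup could switch back to malloc. The logged values decode as printable ASCII (0x7473696e and 0x34383370 are the bytes "nistp384" in little-endian memory order), so what was passed through the ioctl was stale heap content from the calling process, which is worth stating in the commit message alongside the hang. The cast on the calloc result is unnecessary in C and could be dropped while the line is being touched.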