In mmc driver, a race condition may occur between "sdcard hot plug out" and "system reboot".
How it happen?
sdcard hot pulg out: SyS_reboot:
CPU0 CPU1
mmc_sd_detect() _mmc_sd_suspend
{ {
......
#Step1: detect SD card removed
if (err) { ......
#Step2: host->card is NULL
mmc_sd_remove(host);
#Step3:_mmc_sd_suspend claimed host
mmc_claim_host(host);
#Step4: use host->card(NULL pointer)
if (mmc_card_suspended(host->card))
......
}
mmc_claim_host(host);
mmc_detach_bus(host);
}
......
}
we can prevent it occuring by add claim for "host->card = NULL" and add "host->card" validity check in mmc_sd_suspend.
Signed-off-by: Joe.Zhou <Joe.Zhou@xxxxxxxxxxxx>
---
drivers/mmc/core/sd.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c
index 1c8148cdda50..38c0b271283a 100644
--- a/drivers/mmc/core/sd.c
+++ b/drivers/mmc/core/sd.c
@@ -1593,7 +1593,9 @@ static int mmc_sd_init_card(struct mmc_host *host, u32 ocr,
static void mmc_sd_remove(struct mmc_host *host)
{
mmc_remove_card(host->card);
+ mmc_claim_host(host);
host->card = NULL;
+ mmc_release_host(host);
}
/*
@@ -1702,18 +1704,19 @@ static int _mmc_sd_suspend(struct mmc_host *host)
int err = 0;
mmc_claim_host(host);
+ if (host->card) {
+ if (mmc_card_suspended(card))
+ goto out;
- if (mmc_card_suspended(card))
- goto out;
-
- if (sd_can_poweroff_notify(card))
- err = sd_poweroff_notify(card);
- else if (!mmc_host_is_spi(host))
- err = mmc_deselect_cards(host);
+ if (sd_can_poweroff_notify(card))
+ err = sd_poweroff_notify(card);
+ else if (!mmc_host_is_spi(host))
+ err = mmc_deselect_cards(host);
- if (!err) {
- mmc_power_off(host);
- mmc_card_set_suspended(card);
+ if (!err) {
+ mmc_power_off(host);
+ mmc_card_set_suspended(card);
+ }
}
out:
@@ -1729,7 +1732,7 @@ static int mmc_sd_suspend(struct mmc_host *host)
int err;
err = _mmc_sd_suspend(host);
- if (!err) {
+ if (!err && host->card) {
pm_runtime_disable(&host->card->dev);
pm_runtime_set_suspended(&host->card->dev);
}
--
2.18.0
