From: Christian Löhle <CLoehle@xxxxxxxxxxxxxx> commit 339e3eb1facd18a98ceb1171d70674780e5014a7 upstream. To prevent any recovery work running after the queue cleanup cancel it. Any recovery running post-cleanup dereferenced mq->card as NULL and was not meaningful to begin with. Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Christian Loehle <cloehle@xxxxxxxxxxxxxx> Acked-by: Adrian Hunter <adrian.hunter@xxxxxxxxx> Link: https://lore.kernel.org/r/c865c0c9789d428494b67b820a78923e@xxxxxxxxxxxxxx Signed-off-by: Ulf Hansson <ulf.hansson@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/mmc/core/queue.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/drivers/mmc/core/queue.c +++ b/drivers/mmc/core/queue.c @@ -493,6 +493,13 @@ void mmc_cleanup_queue(struct mmc_queue if (blk_queue_quiesced(q)) blk_mq_unquiesce_queue(q); + /* + * If the recovery completes the last (and only remaining) request in + * the queue, and the card has been removed, we could end up here with + * the recovery not quite finished yet, so cancel it. + */ + cancel_work_sync(&mq->recovery_work); + blk_mq_free_tag_set(&mq->tag_set); /*
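
Review bot: the comment above cancel_work_sync(&mq->recovery_work) describes the race but not its consequence or the ordering it depends on. The commit message says recovery running after cleanup dereferenced mq->card as NULL; saying so in the comment would tell the next reader why the cancel has to stay ahead of blk_mq_free_tag_set(&mq->tag_set) and the rest of the teardown. It would also help to state, in the comment or the changelog, why recovery_work cannot be queued again once cancel_work_sync() has returned, since that call only deals with an instance that is already pending or running and the visible hunk shows no guard against a later requeue. The trailers carry Cc: stable but no Fixes: tag, which would tell backporters which trees need this.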