From patchwork Thu Jul 13 09:17:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Linus Walleij X-Patchwork-Id: 107664 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp1958145qge; Thu, 13 Jul 2017 02:18:14 -0700 (PDT) X-Received: by 10.98.74.221 with SMTP id c90mr32146399pfj.218.1499937494525; Thu, 13 Jul 2017 02:18:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1499937494; cv=none; d=google.com; s=arc-20160816; b=I5Fqo1JwvuKFfLTDRQqpqsABNdpEjK9eqhgBlnGHtdCyF7ST4tKYDrv9ejYu3k/w9v 5rZEUnG7lsT69kL3V18JXhUAAA7fdbfZ3opESbcOPR+6N6iPFbvOELLCBwg2ZVmdZSKK KOjctiAfQ/mvO5Vmsz6dMQBkoFC5WnjjFNJelbytEx2MFKfCnsWK93VLNOJzQzEmcxYq it+TTFpIFsG/RrpnLb2eNl/2a78YmQ+9Gtep561z0AV+DlGTJutZN2esbtq6s5TAoNy5 PNsrs3bfZliZOC4Ak88+kYdmrGyocQ/Jdp0VIw0rwk9akIMAMFEar7p5Zl8DKNF4tUCQ lq4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=sxYBBUno3bFp9qIsXhfOf0RuwpTlTvL3AWMHECli+7k=; b=uS+Ydunh4gNMJklRRv5k/W0ieSFC+p04y26xvLL4F5HxKreOAyZYHbs+hhQRx1El6U 6eS07kkn/lNm4tcCg5AdjOGtB7sifhUy+5qKcZJFS/ApY4pd7o7cCTViAAWnd3bgTVTD KhdI0f4BPFAT67/6YfhhKi9HwQqqmkOG9DcPrc9IBNzDSqgeAdnUctYjIsj3Xx8hkxMX ICBTr1HPZjjQN73JYPkwyfe3rNkarN5ru1+h3t590fprNGptBMFLsXvZcv8/ucxgPR2P 8keWTxY8vGtDQwduJRBmElNZU3D6ouNIpPi4F9CtQEvyhJFRjoZFjRvWIH4VqMWZK4jm 32iw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.b=Fxexf3Mb; spf=pass (google.com: best guess record for domain of linux-mmc-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-mmc-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j125si3799678pfg.447.2017.07.13.02.18.14; Thu, 13 Jul 2017 02:18:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-mmc-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.b=Fxexf3Mb; spf=pass (google.com: best guess record for domain of linux-mmc-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-mmc-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750954AbdGMJSN (ORCPT + 6 others); Thu, 13 Jul 2017 05:18:13 -0400 Received: from mail-lf0-f46.google.com ([209.85.215.46]:33258 "EHLO mail-lf0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750854AbdGMJSM (ORCPT ); Thu, 13 Jul 2017 05:18:12 -0400 Received: by mail-lf0-f46.google.com with SMTP id z78so33189295lff.0 for ; Thu, 13 Jul 2017 02:18:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=hhdv5Plyx5U9fTyg0AQXvpVbNxe6AAB20jvuXeMes+A=; b=Fxexf3MbqXOiYWbYYDVi6ddVke/lpIWRMv9ffguoBY12SEzsXv3DSJ+EKvNiOo6bF7 1sakzeuE7iuiV8zLlRIi0VEP2Si/Pls2O8l3YsrRPE0OMRo5/92yL+tKUtpYuarfA0Ab 6T9IDPFMzx1KxWuA5LQeGdm3DW/cKc5tEDnhc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=hhdv5Plyx5U9fTyg0AQXvpVbNxe6AAB20jvuXeMes+A=; b=DjtH27y0VjMlzL9QVEmseI+99hiyMYF0EY9Xcaj1fFfg34yASLeWnGmASthV2G6AuP 7CEQek/IBlsujW3FfTaNE6V5ib/OFyInnajtbsl6xsaK+QvM4cXENxjKfmPlbPdo3wQ7 M/BPaAQeyC0eOVe0YxgdbXwzaWHu+/fVkNNTOhqPwgZ1LF/Bs0YZxIz34zCEAuEszHAc LiqY29i4cee/1k5eiG8FaoX0SfWaRoPlEA5hcYN5ETXoQfzt0oXkz/V74hUFC0ZF64uI 1G8iuMQRsHlb1j1BpZ2rXIL7S9zZmVhBEJriZwPZ3A4/Vvm5tONB+RbLUPx5GK/ZFyk7 SnyQ== X-Gm-Message-State: AIVw110smgopTTwddtuGBZrZ9GDE2RTmjG0K3jjSFi/1wE/dy+ZsZya7 RIu5k0h5L2nqv8GlKi7xxA== X-Received: by 10.46.7.26 with SMTP id 26mr955160ljh.64.1499937490796; Thu, 13 Jul 2017 02:18:10 -0700 (PDT) Received: from genomnajs.ideon.se ([85.235.10.227]) by smtp.gmail.com with ESMTPSA id h74sm1148690lfh.31.2017.07.13.02.18.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 13 Jul 2017 02:18:09 -0700 (PDT) From: Linus Walleij To: linux-mmc@vger.kernel.org, Ulf Hansson Cc: Grzegorz Sluja , Linus Walleij Subject: [PATCH] mmc: block: Block new req entering queue after its cleanup Date: Thu, 13 Jul 2017 11:17:58 +0200 Message-Id: <20170713091758.2975-1-linus.walleij@linaro.org> X-Mailer: git-send-email 2.9.4 Sender: linux-mmc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-mmc@vger.kernel.org From: Grzegorz Sluja commit 304419d8a7e9204c5d19b704467b814df8c8f5b1 'mmc: core: Allocate per-request data using the block layer core' refactored mechanism of queue handling caused mmc_init_request() can be called just after mmc_cleanup_queue() caused null pointer dereference: dmesg: [ 683.123791] BUG: unable to handle kernel NULL pointer dereference at (null) [ 683.123801] IP: mmc_init_request+0x2c/0xf0 [mmc_block] ... [ 683.123905] Call Trace: [ 683.123913] alloc_request_size+0x4f/0x70 [ 683.123919] mempool_alloc+0x5f/0x150 [ 683.123925] ? __enqueue_entity+0x6c/0x70 [ 683.123928] get_request+0x3ad/0x720 [ 683.123933] ? prepare_to_wait_event+0x110/0x110 [ 683.123937] blk_queue_bio+0xc1/0x3a0 [ 683.123940] generic_make_request+0xf8/0x2a0 [ 683.123942] submit_bio+0x75/0x150 [ 683.123947] submit_bio_wait+0x51/0x70 [ 683.123951] blkdev_issue_flush+0x5c/0x90 [ 683.123956] ext4_sync_fs+0x171/0x1b0 [ 683.123961] sync_filesystem+0x73/0x90 [ 683.123965] fsync_bdev+0x24/0x50 [ 683.123971] invalidate_partition+0x24/0x50 [ 683.123973] del_gendisk+0xb2/0x2a0 [ 683.123977] mmc_blk_remove_req.part.38+0x71/0xa0 [mmc_block] [ 683.123980] mmc_blk_remove+0xba/0x190 [mmc_block] [ 683.123990] mmc_bus_remove+0x1a/0x20 [mmc_core] [ 683.123995] device_release_driver_internal+0x141/0x200 [ 683.123999] device_release_driver+0x12/0x20 [ 683.124001] bus_remove_device+0xfd/0x170 [ 683.124004] device_del+0x1e8/0x330 [ 683.124012] mmc_remove_card+0x60/0xc0 [mmc_core] [ 683.124019] mmc_remove+0x19/0x30 [mmc_core] [ 683.124025] mmc_stop_host+0xfb/0x1a0 [mmc_core] [ 683.124032] mmc_remove_host+0x1a/0x40 [mmc_core] [ 683.124037] sdhci_remove_host+0x2e/0x1c0 [mmc_sdhci] [ 683.124042] sdhci_pci_remove_slot+0x3f/0x80 [sdhci_pci] [ 683.124045] sdhci_pci_remove+0x39/0x70 [sdhci_pci] [ 683.124049] pci_device_remove+0x39/0xc0 [ 683.124052] device_release_driver_internal+0x141/0x200 [ 683.124056] driver_detach+0x3f/0x80 [ 683.124059] bus_remove_driver+0x55/0xd0 [ 683.124062] driver_unregister+0x2c/0x50 [ 683.124065] pci_unregister_driver+0x29/0x90 [ 683.124069] sdhci_driver_exit+0x10/0x4f3 [sdhci_pci] [ 683.124073] SyS_delete_module+0x171/0x250 [ 683.124078] entry_SYSCALL_64_fastpath+0x1e/0xa9 Set queue DYING flag just before its cleaning blocked new req entering the queue afterwards. Signed-off-by: Grzegorz Sluja Signed-off-by: Linus Walleij --- Hi Ulf, forwarding an important fix from Grzegorz at Intel, please apply! Linus --- drivers/mmc/core/block.c | 1 + 1 file changed, 1 insertion(+) -- 2.9.4 -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 0cfac2d39107..5ddde7dc9075 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -2167,6 +2167,7 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md) * from being accepted. */ card = md->queue.card; + blk_set_queue_dying(md->queue.queue); mmc_cleanup_queue(&md->queue); if (md->disk->flags & GENHD_FL_UP) { device_remove_file(disk_to_dev(md->disk), &md->force_ro);