* [PATCH v2] mmc: fix host release issue after discard operation
@ 2013-10-26 18:03 Ray Jui
  2013-11-04 18:40 ` Ray Jui
  2013-11-26 22:06 ` Chris Ball
  0 siblings, 2 replies; 5+ messages in thread
From: Ray Jui @ 2013-10-26 18:03 UTC (permalink / raw)
  To: Seungwon Jeon, Chris Ball; +Cc: linux-kernel, Ray Jui

Under function mmc_blk_issue_rq, after an MMC discard operation,
the MMC request data structure may be freed in memory. Later in
the same function, the check of req->cmd_flags & MMC_REQ_SPECIAL_MASK
is dangerous and invalid. It causes the MMC host not to be released
when it should

This patch fixes the issue by marking the special request down before
the discard/flush operation

Reported by: Harold (SoonYeal) Yang <haroldsy@broadcom.com>
Signed-off-by: Ray Jui <rjui@broadcom.com>
Reviewed-by: Seungwon Jeon <tgih.jun@samsung.com>
---
 drivers/mmc/card/block.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index 1a3163f..4e8212c 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -1959,6 +1959,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
 	struct mmc_card *card = md->queue.card;
 	struct mmc_host *host = card->host;
 	unsigned long flags;
+	unsigned int cmd_flags = req ? req->cmd_flags : 0;
 
 	if (req && !mq->mqrq_prev->req)
 		/* claim host only for the first request */
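Review bot: the new cmd_flags local at the top of mmc_blk_issue_rq needs a short comment saying that the flags are copied up front because req may already be freed by the time the out: label is reached; without it a later cleanup could fold the local back into req->cmd_flags. Also confirm that unsigned int matches the declared type of req->cmd_flags, which is not visible in this hunk, since a narrower local would silently drop high flag bits.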
@@ -1974,7 +1975,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
 	}
 
 	mq->flags &= ~MMC_QUEUE_NEW_REQUEST;
-	if (req && req->cmd_flags & REQ_DISCARD) {
+	if (cmd_flags & REQ_DISCARD) {
 		/* complete ongoing async transfer before issuing discard */
 		if (card->host->areq)
 			mmc_blk_issue_rw_rq(mq, NULL);
@@ -1983,7 +1984,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
 			ret = mmc_blk_issue_secdiscard_rq(mq, req);
 		else
 			ret = mmc_blk_issue_discard_rq(mq, req);
-	} else if (req && req->cmd_flags & REQ_FLUSH) {
+	} else if (cmd_flags & REQ_FLUSH) {
 		/* complete ongoing async transfer before issuing flush */
 		if (card->host->areq)
 			mmc_blk_issue_rw_rq(mq, NULL);
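Review bot: the condition that chooses between mmc_blk_issue_secdiscard_rq and mmc_blk_issue_discard_rq sits just above this hunk's first context line and is not shown; if it still reads req->cmd_flags, switch it to the cached cmd_flags as well so every flag test in the function uses the same snapshot. That read comes before the discard is issued, so this is a consistency point and not a lifetime bug.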
@@ -1999,7 +2000,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
 
 out:
 	if ((!req && !(mq->flags & MMC_QUEUE_NEW_REQUEST)) ||
-	     (req && (req->cmd_flags & MMC_REQ_SPECIAL_MASK)))
+	     (cmd_flags & MMC_REQ_SPECIAL_MASK))
 		/*
 		 * Release host when there are no more requests
 		 * and after special request(discard, flush) is done.
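Review bot: at the out: check, req is still tested as a pointer in the first operand (!req), which is safe because it is not dereferenced, but from here on req has to be treated as dangling for discard and flush requests; a one-line comment at out: saying that only cmd_flags may be consulted past this point would keep the read of a freed request from being reintroduced. The changelog should also state the failure mode directly: the old (req->cmd_flags & MMC_REQ_SPECIAL_MASK) test reads memory that may already be freed, and the result can leave the host claimed.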
-- 
1.7.9.5




* Re: [PATCH v2] mmc: fix host release issue after discard operation
  2013-10-26 18:03 [PATCH v2] mmc: fix host release issue after discard operation Ray Jui
@ 2013-11-04 18:40 ` Ray Jui
  2013-11-18 11:24   ` Seungwon Jeon
  2013-11-26 22:06 ` Chris Ball
  1 sibling, 1 reply; 5+ messages in thread
From: Ray Jui @ 2013-11-04 18:40 UTC (permalink / raw)
  To: Seungwon Jeon, Chris Ball, rjui; +Cc: linux-kernel

On 10/26/2013 11:03 AM, Ray Jui wrote:
> Under function mmc_blk_issue_rq, after an MMC discard operation,
> the MMC request data structure may be freed in memory. Later in
> the same function, the check of req->cmd_flags & MMC_REQ_SPECIAL_MASK
> is dangerous and invalid. It causes the MMC host not to be released
> when it should
>
> This patch fixes the issue by marking the special request down before
> the discard/flush operation
>
> Reported by: Harold (SoonYeal) Yang <haroldsy@broadcom.com>
> Signed-off-by: Ray Jui <rjui@broadcom.com>
> Reviewed-by: Seungwon Jeon <tgih.jun@samsung.com>
> ---
>   drivers/mmc/card/block.c |    7 ++++---
>   1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
> index 1a3163f..4e8212c 100644
> --- a/drivers/mmc/card/block.c
> +++ b/drivers/mmc/card/block.c
> @@ -1959,6 +1959,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
>   	struct mmc_card *card = md->queue.card;
>   	struct mmc_host *host = card->host;
>   	unsigned long flags;
> +	unsigned int cmd_flags = req ? req->cmd_flags : 0;
>
>   	if (req && !mq->mqrq_prev->req)
>   		/* claim host only for the first request */
> @@ -1974,7 +1975,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
>   	}
>
>   	mq->flags &= ~MMC_QUEUE_NEW_REQUEST;
> -	if (req && req->cmd_flags & REQ_DISCARD) {
> +	if (cmd_flags & REQ_DISCARD) {
>   		/* complete ongoing async transfer before issuing discard */
>   		if (card->host->areq)
>   			mmc_blk_issue_rw_rq(mq, NULL);
> @@ -1983,7 +1984,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
>   			ret = mmc_blk_issue_secdiscard_rq(mq, req);
>   		else
>   			ret = mmc_blk_issue_discard_rq(mq, req);
> -	} else if (req && req->cmd_flags & REQ_FLUSH) {
> +	} else if (cmd_flags & REQ_FLUSH) {
>   		/* complete ongoing async transfer before issuing flush */
>   		if (card->host->areq)
>   			mmc_blk_issue_rw_rq(mq, NULL);
> @@ -1999,7 +2000,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
>
>   out:
>   	if ((!req && !(mq->flags & MMC_QUEUE_NEW_REQUEST)) ||
> -	     (req && (req->cmd_flags & MMC_REQ_SPECIAL_MASK)))
> +	     (cmd_flags & MMC_REQ_SPECIAL_MASK))
>   		/*
>   		 * Release host when there are no more requests
>   		 * and after special request(discard, flush) is done.
>
Hi Seungwon/Chris,

Have you got a chance to review the MMC discard patch V2? The patch v2 
makes changes from v1 based on Seungwon's review comments.

Thanks,

Ray Jui



* RE: [PATCH v2] mmc: fix host release issue after discard operation
  2013-11-04 18:40 ` Ray Jui
@ 2013-11-18 11:24   ` Seungwon Jeon
  0 siblings, 0 replies; 5+ messages in thread
From: Seungwon Jeon @ 2013-11-18 11:24 UTC (permalink / raw)
  To: 'Ray Jui', 'Chris Ball'; +Cc: linux-kernel, linux-mmc

On Tue, November 05, 2013, Ray Jui wrote:
> On 10/26/2013 11:03 AM, Ray Jui wrote:
> > Under function mmc_blk_issue_rq, after an MMC discard operation,
> > the MMC request data structure may be freed in memory. Later in
> > the same function, the check of req->cmd_flags & MMC_REQ_SPECIAL_MASK
> > is dangerous and invalid. It causes the MMC host not to be released
> > when it should
Is commit message cut here?


> >
> > This patch fixes the issue by marking the special request down before
> > the discard/flush operation
> >
> > Reported by: Harold (SoonYeal) Yang <haroldsy@broadcom.com>
> > Signed-off-by: Ray Jui <rjui@broadcom.com>
> > Reviewed-by: Seungwon Jeon <tgih.jun@samsung.com>
> > ---
> >   drivers/mmc/card/block.c |    7 ++++---
> >   1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
> > index 1a3163f..4e8212c 100644
> > --- a/drivers/mmc/card/block.c
> > +++ b/drivers/mmc/card/block.c
> > @@ -1959,6 +1959,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> >   	struct mmc_card *card = md->queue.card;
> >   	struct mmc_host *host = card->host;
> >   	unsigned long flags;
> > +	unsigned int cmd_flags = req ? req->cmd_flags : 0;
> >
> >   	if (req && !mq->mqrq_prev->req)
> >   		/* claim host only for the first request */
> > @@ -1974,7 +1975,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> >   	}
> >
> >   	mq->flags &= ~MMC_QUEUE_NEW_REQUEST;
> > -	if (req && req->cmd_flags & REQ_DISCARD) {
> > +	if (cmd_flags & REQ_DISCARD) {
> >   		/* complete ongoing async transfer before issuing discard */
> >   		if (card->host->areq)
> >   			mmc_blk_issue_rw_rq(mq, NULL);
> > @@ -1983,7 +1984,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> >   			ret = mmc_blk_issue_secdiscard_rq(mq, req);
> >   		else
> >   			ret = mmc_blk_issue_discard_rq(mq, req);
> > -	} else if (req && req->cmd_flags & REQ_FLUSH) {
> > +	} else if (cmd_flags & REQ_FLUSH) {
> >   		/* complete ongoing async transfer before issuing flush */
> >   		if (card->host->areq)
> >   			mmc_blk_issue_rw_rq(mq, NULL);
> > @@ -1999,7 +2000,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> >
> >   out:
> >   	if ((!req && !(mq->flags & MMC_QUEUE_NEW_REQUEST)) ||
> > -	     (req && (req->cmd_flags & MMC_REQ_SPECIAL_MASK)))
> > +	     (cmd_flags & MMC_REQ_SPECIAL_MASK))
> >   		/*
> >   		 * Release host when there are no more requests
> >   		 * and after special request(discard, flush) is done.
> >
> Hi Seungwon/Chris,
> 
> Have you got a chance to review the MMC discard patch V2? The patch v2
> makes changes from v1 based on Seungwon's review comments.

Adding linux-mmc. It has been omitted.
(+linux-mmc)

CC: Stable <stable@kernel.org>
Acked-by: Seungwon Jeon <tgih.jun@samsung.com>

Thanks,
Seungwon Jeon



* Re: [PATCH v2] mmc: fix host release issue after discard operation
  2013-10-26 18:03 [PATCH v2] mmc: fix host release issue after discard operation Ray Jui
  2013-11-04 18:40 ` Ray Jui
@ 2013-11-26 22:06 ` Chris Ball
  2013-11-26 22:35   ` Ray Jui
  1 sibling, 1 reply; 5+ messages in thread
From: Chris Ball @ 2013-11-26 22:06 UTC (permalink / raw)
  To: Ray Jui; +Cc: Seungwon Jeon, linux-kernel, linux-mmc

Hi Ray,

On Sat, Oct 26 2013, Ray Jui wrote:
> Under function mmc_blk_issue_rq, after an MMC discard operation,
> the MMC request data structure may be freed in memory. Later in
> the same function, the check of req->cmd_flags & MMC_REQ_SPECIAL_MASK
> is dangerous and invalid. It causes the MMC host not to be released
> when it should
>
> This patch fixes the issue by marking the special request down before
> the discard/flush operation
>
> Reported by: Harold (SoonYeal) Yang <haroldsy@broadcom.com>
> Signed-off-by: Ray Jui <rjui@broadcom.com>
> Reviewed-by: Seungwon Jeon <tgih.jun@samsung.com>

Thanks, pushed to mmc-next for 3.14 and -stable.

- Chris.
-- 
Chris Ball   <cjb@laptop.org>   <http://printf.net/>


* Re: [PATCH v2] mmc: fix host release issue after discard operation
  2013-11-26 22:06 ` Chris Ball
@ 2013-11-26 22:35   ` Ray Jui
  0 siblings, 0 replies; 5+ messages in thread
From: Ray Jui @ 2013-11-26 22:35 UTC (permalink / raw)
  To: Chris Ball; +Cc: Seungwon Jeon, linux-kernel, linux-mmc

On 11/26/2013 2:06 PM, Chris Ball wrote:
> Hi Ray,
>
> On Sat, Oct 26 2013, Ray Jui wrote:
>> Under function mmc_blk_issue_rq, after an MMC discard operation,
>> the MMC request data structure may be freed in memory. Later in
>> the same function, the check of req->cmd_flags & MMC_REQ_SPECIAL_MASK
>> is dangerous and invalid. It causes the MMC host not to be released
>> when it should
>>
>> This patch fixes the issue by marking the special request down before
>> the discard/flush operation
>>
>> Reported by: Harold (SoonYeal) Yang <haroldsy@broadcom.com>
>> Signed-off-by: Ray Jui <rjui@broadcom.com>
>> Reviewed-by: Seungwon Jeon <tgih.jun@samsung.com>
>
> Thanks, pushed to mmc-next for 3.14 and -stable.
>
> - Chris.
>
Great!

Thanks,

Ray

