* [PATCH] mmc/core:fix mmc_sd_hw_reset oops mmc_sd_hw_reset function may be oops if the ejection of sd and the reset of sd simultaneously occur
@ 2020-05-01 15:59 yanxiaoyong5
From: yanxiaoyong5 @ 2020-05-01 15:59 UTC
To: ulf.hansson, rrangel, avri.altman, kstewart, tglx
Cc: linux-mmc, linux-kernel, yanxiaoyong5
Signed-off-by: yanxiaoyong5 <yanxiaoyong5@gmail.com>
---
drivers/mmc/core/sd.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c
index fe914ff..73a1e68 100644
--- a/drivers/mmc/core/sd.c
+++ b/drivers/mmc/core/sd.c
@@ -1247,8 +1247,13 @@ static int mmc_sd_runtime_resume(struct mmc_host *host)
static int mmc_sd_hw_reset(struct mmc_host *host)
{
- mmc_power_cycle(host, host->card->ocr);
- return mmc_sd_init_card(host, host->card->ocr, host->card);
+ struct mmc_card *card;
+
+ card = host->card;
+ if (!card)
+ return -EINVAL;
+ mmc_power_cycle(host, card->ocr);
+ return mmc_sd_init_card(host, card->ocr, host->card);
}
static const struct mmc_bus_ops mmc_sd_ops = {
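Review bot: In the last added line, mmc_sd_init_card() is still passed host->card while the two ocr reads use the local card, so the pointer is read a second time after the NULL check; pass card there so the value that was checked is the value that is used. Nothing visible in this hunk serializes the check against the path that clears host->card, so if removal can run between "if (!card)" and "mmc_power_cycle(host, card->ocr)" the test only narrows the window and the later dereference would act on a stale pointer. The changelog should state which lock or host claim makes the check sufficient and include the oops trace if one was observed; at present the mail has no commit body and the whole description is folded into the subject line.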
--
2.7.4
* Re: Re: [PATCH] mmc/core:fix mmc_sd_hw_reset oops mmc_sd_hw_reset function may be oops if the ejection of sd and the reset of sd simultaneously occur
@ 2020-05-06 16:30 ` Ulf Hansson
From: Ulf Hansson @ 2020-05-06 16:30 UTC
To: yanxiaoyong5
Cc: Raul Rangel, Avri Altman, kstewart, tglx, linux-mmc, linux-kernel
On Fri, 1 May 2020 at 19:18, yanxiaoyong5@gmail.com
<yanxiaoyong5@gmail.com> wrote:
>
> it is a race condition, the situation as follows:
> a                          b
> mmc_rescan
> mmc_sd_detect
> mmc_get_card
> __mmc_reclaim_host
> card is not present        __mmc_reclaim_host
> mmc_put_card               wait a __mmc_release_host
> __mmc_release_host
> set b TASK_RUNNING
> mmc_sd_remove

mmc_sd_remove() calls mmc_remove_card(), which calls device_del() on
the corresponding card->dev.

That leads to the ->remove() callback getting invoked for card->dev (see
mmc_blk_remove()), which ideally should clean up everything mmc block
device related. In other words, beyond this point there should be no
thread/user that can call mmc_hw_reset() (which invokes
mmc_sd_hw_reset()).

> host->card =NULL
>                            (b starts to run)
>                            mmc_sd_hw_reset
>                            finds host->cards is NULL, then oops

So, from the above reasoning I need to ask, have you really seen the
NULL pointer exception happening? (then we need to look more closely
at mmc_blk_remove()) Or do you think there is a problem from a
code-inspection point of view?

Kind regards
Uffe