| Message ID | 1374671868-606-1-git-send-email-franck.jullien@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
2013/7/24 <franck.jullien@gmail.com>: > From: Franck Jullien <franck.jullien@gmail.com> > > A previous commit (fdfa20c1631210d0) reordered the > shutdown sequence in mmc_blk_remove_req. However, > mmc_cleanup_queue is now called before we get the > card pointer and, sadly, mmc_cleanup_queue set > mq->card to NULL. > > This patch moves the card pointer assignment before > mmc_cleanup_queue. > > Signed-off-by: Franck Jullien <franck.jullien@gmail.com> > --- > drivers/mmc/card/block.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c > index cd0b7f4..f4a0bea 100644 > --- a/drivers/mmc/card/block.c > +++ b/drivers/mmc/card/block.c > @@ -2191,10 +2191,10 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md) > * is freeing the queue that stops new requests > * from being accepted. > */ > + card = md->queue.card; > mmc_cleanup_queue(&md->queue); > if (md->flags & MMC_BLK_PACKED_CMD) > mmc_packed_clean(&md->queue); > - card = md->queue.card; > if (md->disk->flags & GENHD_FL_UP) { > device_remove_file(disk_to_dev(md->disk), &md->force_ro); > if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) && > -- > 1.7.1 > This is how I got this (mmc_test is unusable right now): / # echo mmc0:0001 > /sys/bus/mmc/drivers/mmcblk/unbind Unable to handle kernel paging request for data at address 0x000001f0 Faulting instruction address: 0xc0316bf4 Oops: Kernel access of bad area, sig: 11 [#1] P1020 RDB Modules linked in: CPU: 0 PID: 1237 Comm: echo Not tainted 3.10.0-next-20130709-dirty #12 task: ef3489c0 ti: ef2e0000 task.ti: ef2e0000 NIP: c0316bf4 LR: c0316be8 CTR: 00000000 REGS: ef2e1d70 TRAP: 0300 Not tainted (3.10.0-next-20130709-dirty) MSR: 00029000 <CE,EE,ME> CR: 42004042 XER: 20000000 DEAR: 000001f0, ESR: 00000000 GPR00: c0316be8 ef2e1e20 ef3489c0 00000000 ef2de9b0 c05612e4 00000000 00000000 GPR08: ef3728d0 00000002 00000002 00000000 00001aee 10174934 00000000 00000000 GPR16: 00000000 00000000 10133928 1015718e bfe9c268 1017221c 00000000 00000001 GPR24: 00000001 c0476384 ef2e1f18 ef2b6060 00100100 00200200 00000000 ef2f1800 NIP [c0316bf4] mmc_blk_remove_req+0x90/0xbc LR [c0316be8] mmc_blk_remove_req+0x84/0xbc Call Trace: [ef2e1e20] [c0316be8] mmc_blk_remove_req+0x84/0xbc (unreliable) [ef2e1e30] [c03183c8] mmc_blk_remove_parts.isra.22+0x88/0xac [ef2e1e50] [c0318414] mmc_blk_remove+0x28/0xc8 [ef2e1e70] [c030b5b4] mmc_bus_remove+0x20/0x34 [ef2e1e80] [c024c5ac] __device_release_driver+0x68/0x114 [ef2e1e90] [c024c680] device_release_driver+0x28/0x40 [ef2e1ea0] [c024b370] driver_unbind+0x64/0xd0 [ef2e1ec0] [c0120010] sysfs_write_file+0xfc/0x190 [ef2e1ef0] [c00c82fc] vfs_write+0xc8/0x1b0 [ef2e1f10] [c00c876c] SyS_write+0x4c/0xac [ef2e1f40] [c000d318] ret_from_syscall+0x0/0x3c --- Exception: c01 at 0x100bd3e8 LR = 0x1008a4d8 Instruction dump: 48003c81 807f0000 83df0004 812301ac 712a0010 4182ffd0 38630068 389f027c 4bf31e79 813f029c 712a0002 41a2ffb8 <893e01f0> 2f890000 419effac 807f0000 ---[ end trace 2908d8b93b8cdd75 ]--- Segmentation fault Franck. -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Franck, On Wed, Jul 24 2013, franck.jullien@gmail.com wrote: > From: Franck Jullien <franck.jullien@gmail.com> > > A previous commit (fdfa20c1631210d0) reordered the > shutdown sequence in mmc_blk_remove_req. However, > mmc_cleanup_queue is now called before we get the > card pointer and, sadly, mmc_cleanup_queue set > mq->card to NULL. > > This patch moves the card pointer assignment before > mmc_cleanup_queue. > > Signed-off-by: Franck Jullien <franck.jullien@gmail.com> > --- > drivers/mmc/card/block.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c > index cd0b7f4..f4a0bea 100644 > --- a/drivers/mmc/card/block.c > +++ b/drivers/mmc/card/block.c > @@ -2191,10 +2191,10 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md) > * is freeing the queue that stops new requests > * from being accepted. > */ > + card = md->queue.card; > mmc_cleanup_queue(&md->queue); > if (md->flags & MMC_BLK_PACKED_CMD) > mmc_packed_clean(&md->queue); > - card = md->queue.card; > if (md->disk->flags & GENHD_FL_UP) { > device_remove_file(disk_to_dev(md->disk), &md->force_ro); > if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) && Thanks for the patch, pushed to mmc-next for 3.12. - Chris.
On 25/08/13 06:22, Chris Ball wrote: > Hi Franck, > > On Wed, Jul 24 2013, franck.jullien@gmail.com wrote: >> From: Franck Jullien <franck.jullien@gmail.com> >> >> A previous commit (fdfa20c1631210d0) reordered the >> shutdown sequence in mmc_blk_remove_req. However, >> mmc_cleanup_queue is now called before we get the >> card pointer and, sadly, mmc_cleanup_queue set >> mq->card to NULL. >> >> This patch moves the card pointer assignment before >> mmc_cleanup_queue. >> >> Signed-off-by: Franck Jullien <franck.jullien@gmail.com> >> --- >> drivers/mmc/card/block.c | 2 +- >> 1 files changed, 1 insertions(+), 1 deletions(-) >> >> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c >> index cd0b7f4..f4a0bea 100644 >> --- a/drivers/mmc/card/block.c >> +++ b/drivers/mmc/card/block.c >> @@ -2191,10 +2191,10 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md) >> * is freeing the queue that stops new requests >> * from being accepted. >> */ >> + card = md->queue.card; >> mmc_cleanup_queue(&md->queue); >> if (md->flags & MMC_BLK_PACKED_CMD) >> mmc_packed_clean(&md->queue); >> - card = md->queue.card; >> if (md->disk->flags & GENHD_FL_UP) { >> device_remove_file(disk_to_dev(md->disk), &md->force_ro); >> if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) && > > Thanks for the patch, pushed to mmc-next for 3.12. Hi The regression is in 3.11, and causes an oops (see below) Adding linux-stable The fix is now in linus' tree with commit id: 8efb83a2f8518a6ffcc074177f8d659c5165ef37 Please cherry-pick this for 3.11 [ 107.814928] BUG: unable to handle kernel NULL pointer dereference at 0000000000000398 [ 107.823706] IP: [<ffffffffa000d201>] mmc_blk_remove_req+0x56/0x8b [mmc_block] [ 107.831709] PGD 134323067 PUD 1343c2067 PMD 0 [ 107.836703] Oops: 0000 [#1] PREEMPT SMP [ 107.841098] Modules linked in: sdhci_acpi(-) mmc_block sdhci [ 107.847468] CPU: 1 PID: 133 Comm: rmmod Not tainted 3.11.3+ #15 [ 107.854090] task: ffff8801341dc440 ti: ffff88013426c000 task.ti: ffff88013426c000 [ 107.862456] RIP: 0010:[<ffffffffa000d201>] [<ffffffffa000d201>] mmc_blk_remove_req+0x56/0x8b [mmc_block] [ 107.873172] RSP: 0018:ffff88013426dbe8 EFLAGS: 00010202 [ 107.879111] RAX: ffff8801341e63a8 RBX: ffff8801341e6000 RCX: 00000000000160a0 [ 107.887088] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000023 [ 107.895058] RBP: ffff88013426dbf8 R08: ffff88013b443180 R09: ffff88013426dfd8 [ 107.903035] R10: 000000000000273c R11: ffff880134330e00 R12: 0000000000000000 [ 107.911005] R13: ffff8801341e5000 R14: ffffffffa001c098 R15: 0000000000000000 [ 107.918985] FS: 00007f9bab888700(0000) GS:ffff88013fc80000(0000) knlGS:0000000000000000 [ 107.928031] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 107.934455] CR2: 0000000000000398 CR3: 0000000134263000 CR4: 00000000001007e0 [ 107.942422] Stack: [ 107.944669] ffff8801341e5ba8 ffff8801341e53a8 ffff88013426dc18 ffffffffa000dbfa [ 107.952965] ffff8801341e4800 ffff8801341e4808 ffff88013426dc48 ffffffffa000fca0 [ 107.961260] 000000000000bbc9 ffff8801341e4808 ffffffffa0012010 ffffffff81a82210 [ 107.969556] Call Trace: [ 107.972307] [<ffffffffa000dbfa>] mmc_blk_remove_parts.isra.16+0x5c/0x6c [mmc_block] [ 107.980980] [<ffffffffa000fca0>] mmc_blk_remove+0x25/0xa9 [mmc_block] [ 107.988289] [<ffffffff8140dd6c>] mmc_bus_remove+0x15/0x19 [ 107.994432] [<ffffffff812f14a8>] __device_release_driver+0x86/0xdc [ 108.001448] [<ffffffff812f175d>] device_release_driver+0x1e/0x2b [ 108.008269] [<ffffffff812f10bc>] bus_remove_device+0xe5/0xfa [ 108.014701] [<ffffffff812eeb96>] device_del+0x12c/0x186 [ 108.020646] [<ffffffff8140e2cc>] mmc_remove_card+0x66/0x76 [ 108.026884] [<ffffffff8140ec55>] mmc_remove+0x23/0x32 [ 108.032636] [<ffffffff8140dbb2>] mmc_stop_host+0x58/0x9f [ 108.038678] [<ffffffff8140e301>] mmc_remove_host+0x1d/0x3e [ 108.044923] [<ffffffffa0001d76>] sdhci_remove_host+0x94/0x122 [sdhci] [ 108.052235] [<ffffffffa001a145>] sdhci_acpi_remove+0x79/0x8b [sdhci_acpi] [ 108.059932] [<ffffffff812f2e50>] platform_drv_remove+0x1a/0x3e [ 108.066559] [<ffffffff812f14a8>] __device_release_driver+0x86/0xdc [ 108.073574] [<ffffffff812f1c9f>] driver_detach+0x81/0xb2 [ 108.079611] [<ffffffff812f1357>] bus_remove_driver+0x6f/0xb4 [ 108.086045] [<ffffffffa001a568>] ? sdhci_acpi_probe+0x411/0x411 [sdhci_acpi] [ 108.094031] [<ffffffff812f20a3>] driver_unregister+0x4e/0x73 [ 108.100464] [<ffffffff812f2d26>] platform_driver_unregister+0xd/0xf [ 108.107578] [<ffffffffa001a578>] sdhci_acpi_driver_exit+0x10/0xa98 [sdhci_acpi] [ 108.115859] [<ffffffff8107eac3>] SyS_delete_module+0x1b6/0x244 [ 108.122488] [<ffffffff8102c638>] ? do_page_fault+0x9/0xd [ 108.128535] [<ffffffff815cd052>] system_call_fastpath+0x16/0x1b [ 108.135250] Code: 00 48 8b 7b 08 4c 8b 63 10 f6 87 60 03 00 00 10 74 41 48 8d b3 d8 03 00 00 48 83 c7 70 e8 26 10 2e e1 f6 83 18 04 00 00 02 74 1f <41> 80 bc 24 98 03 00 00 00 74 14 48 8b 7b 08 48 8d b3 f8 03 00 [ 108.156804] RIP [<ffffffffa000d201>] mmc_blk_remove_req+0x56/0x8b [mmc_block] [ 108.164895] RSP <ffff88013426dbe8> [ 108.168794] CR2: 0000000000000398 [ 108.174595] ---[ end trace b9c7313fc09b25d8 ]--- -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 25/08/13 06:22, Chris Ball wrote: > Hi Franck, > > On Wed, Jul 24 2013, franck.jullien@gmail.com wrote: >> From: Franck Jullien <franck.jullien@gmail.com> >> >> A previous commit (fdfa20c1631210d0) reordered the >> shutdown sequence in mmc_blk_remove_req. However, >> mmc_cleanup_queue is now called before we get the >> card pointer and, sadly, mmc_cleanup_queue set >> mq->card to NULL. >> >> This patch moves the card pointer assignment before >> mmc_cleanup_queue. >> >> Signed-off-by: Franck Jullien <franck.jullien@gmail.com> >> --- >> drivers/mmc/card/block.c | 2 +- >> 1 files changed, 1 insertions(+), 1 deletions(-) >> >> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c >> index cd0b7f4..f4a0bea 100644 >> --- a/drivers/mmc/card/block.c >> +++ b/drivers/mmc/card/block.c >> @@ -2191,10 +2191,10 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md) >> * is freeing the queue that stops new requests >> * from being accepted. >> */ >> + card = md->queue.card; >> mmc_cleanup_queue(&md->queue); >> if (md->flags & MMC_BLK_PACKED_CMD) >> mmc_packed_clean(&md->queue); >> - card = md->queue.card; >> if (md->disk->flags & GENHD_FL_UP) { >> device_remove_file(disk_to_dev(md->disk), &md->force_ro); >> if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) && > > Thanks for the patch, pushed to mmc-next for 3.12. > > - Chris. > Hi The regression is in 3.11, and causes an oops (see below) Adding linux-stable (correctly this time!) The fix is now in linus' tree with commit id: 8efb83a2f8518a6ffcc074177f8d659c5165ef37 Please cherry-pick this for 3.11 [ 107.814928] BUG: unable to handle kernel NULL pointer dereference at 0000000000000398 [ 107.823706] IP: [<ffffffffa000d201>] mmc_blk_remove_req+0x56/0x8b [mmc_block] [ 107.831709] PGD 134323067 PUD 1343c2067 PMD 0 [ 107.836703] Oops: 0000 [#1] PREEMPT SMP [ 107.841098] Modules linked in: sdhci_acpi(-) mmc_block sdhci [ 107.847468] CPU: 1 PID: 133 Comm: rmmod Not tainted 3.11.3+ #15 [ 107.854090] task: ffff8801341dc440 ti: ffff88013426c000 task.ti: ffff88013426c000 [ 107.862456] RIP: 0010:[<ffffffffa000d201>] [<ffffffffa000d201>] mmc_blk_remove_req+0x56/0x8b [mmc_block] [ 107.873172] RSP: 0018:ffff88013426dbe8 EFLAGS: 00010202 [ 107.879111] RAX: ffff8801341e63a8 RBX: ffff8801341e6000 RCX: 00000000000160a0 [ 107.887088] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000023 [ 107.895058] RBP: ffff88013426dbf8 R08: ffff88013b443180 R09: ffff88013426dfd8 [ 107.903035] R10: 000000000000273c R11: ffff880134330e00 R12: 0000000000000000 [ 107.911005] R13: ffff8801341e5000 R14: ffffffffa001c098 R15: 0000000000000000 [ 107.918985] FS: 00007f9bab888700(0000) GS:ffff88013fc80000(0000) knlGS:0000000000000000 [ 107.928031] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 107.934455] CR2: 0000000000000398 CR3: 0000000134263000 CR4: 00000000001007e0 [ 107.942422] Stack: [ 107.944669] ffff8801341e5ba8 ffff8801341e53a8 ffff88013426dc18 ffffffffa000dbfa [ 107.952965] ffff8801341e4800 ffff8801341e4808 ffff88013426dc48 ffffffffa000fca0 [ 107.961260] 000000000000bbc9 ffff8801341e4808 ffffffffa0012010 ffffffff81a82210 [ 107.969556] Call Trace: [ 107.972307] [<ffffffffa000dbfa>] mmc_blk_remove_parts.isra.16+0x5c/0x6c [mmc_block] [ 107.980980] [<ffffffffa000fca0>] mmc_blk_remove+0x25/0xa9 [mmc_block] [ 107.988289] [<ffffffff8140dd6c>] mmc_bus_remove+0x15/0x19 [ 107.994432] [<ffffffff812f14a8>] __device_release_driver+0x86/0xdc [ 108.001448] [<ffffffff812f175d>] device_release_driver+0x1e/0x2b [ 108.008269] [<ffffffff812f10bc>] bus_remove_device+0xe5/0xfa [ 108.014701] [<ffffffff812eeb96>] device_del+0x12c/0x186 [ 108.020646] [<ffffffff8140e2cc>] mmc_remove_card+0x66/0x76 [ 108.026884] [<ffffffff8140ec55>] mmc_remove+0x23/0x32 [ 108.032636] [<ffffffff8140dbb2>] mmc_stop_host+0x58/0x9f [ 108.038678] [<ffffffff8140e301>] mmc_remove_host+0x1d/0x3e [ 108.044923] [<ffffffffa0001d76>] sdhci_remove_host+0x94/0x122 [sdhci] [ 108.052235] [<ffffffffa001a145>] sdhci_acpi_remove+0x79/0x8b [sdhci_acpi] [ 108.059932] [<ffffffff812f2e50>] platform_drv_remove+0x1a/0x3e [ 108.066559] [<ffffffff812f14a8>] __device_release_driver+0x86/0xdc [ 108.073574] [<ffffffff812f1c9f>] driver_detach+0x81/0xb2 [ 108.079611] [<ffffffff812f1357>] bus_remove_driver+0x6f/0xb4 [ 108.086045] [<ffffffffa001a568>] ? sdhci_acpi_probe+0x411/0x411 [sdhci_acpi] [ 108.094031] [<ffffffff812f20a3>] driver_unregister+0x4e/0x73 [ 108.100464] [<ffffffff812f2d26>] platform_driver_unregister+0xd/0xf [ 108.107578] [<ffffffffa001a578>] sdhci_acpi_driver_exit+0x10/0xa98 [sdhci_acpi] [ 108.115859] [<ffffffff8107eac3>] SyS_delete_module+0x1b6/0x244 [ 108.122488] [<ffffffff8102c638>] ? do_page_fault+0x9/0xd [ 108.128535] [<ffffffff815cd052>] system_call_fastpath+0x16/0x1b [ 108.135250] Code: 00 48 8b 7b 08 4c 8b 63 10 f6 87 60 03 00 00 10 74 41 48 8d b3 d8 03 00 00 48 83 c7 70 e8 26 10 2e e1 f6 83 18 04 00 00 02 74 1f <41> 80 bc 24 98 03 00 00 00 74 14 48 8b 7b 08 48 8d b3 f8 03 00 [ 108.156804] RIP [<ffffffffa000d201>] mmc_blk_remove_req+0x56/0x8b [mmc_block] [ 108.164895] RSP <ffff88013426dbe8> [ 108.168794] CR2: 0000000000000398 [ 108.174595] ---[ end trace b9c7313fc09b25d8 ]--- -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 25/08/13 06:22, Chris Ball wrote: > Hi Franck, > > On Wed, Jul 24 2013, franck.jullien@gmail.com wrote: >> From: Franck Jullien <franck.jullien@gmail.com> >> >> A previous commit (fdfa20c1631210d0) reordered the >> shutdown sequence in mmc_blk_remove_req. However, >> mmc_cleanup_queue is now called before we get the >> card pointer and, sadly, mmc_cleanup_queue set >> mq->card to NULL. >> >> This patch moves the card pointer assignment before >> mmc_cleanup_queue. >> >> Signed-off-by: Franck Jullien <franck.jullien@gmail.com> >> --- >> drivers/mmc/card/block.c | 2 +- >> 1 files changed, 1 insertions(+), 1 deletions(-) >> >> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c >> index cd0b7f4..f4a0bea 100644 >> --- a/drivers/mmc/card/block.c >> +++ b/drivers/mmc/card/block.c >> @@ -2191,10 +2191,10 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md) >> * is freeing the queue that stops new requests >> * from being accepted. >> */ >> + card = md->queue.card; >> mmc_cleanup_queue(&md->queue); >> if (md->flags & MMC_BLK_PACKED_CMD) >> mmc_packed_clean(&md->queue); >> - card = md->queue.card; >> if (md->disk->flags & GENHD_FL_UP) { >> device_remove_file(disk_to_dev(md->disk), &md->force_ro); >> if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) && > > Thanks for the patch, pushed to mmc-next for 3.12. > > - Chris. > Hi The regression is in 3.11, and causes an oops (see below) Adding linux-stable (third time lucky?!?!) The fix is now in linus' tree with commit id: 8efb83a2f8518a6ffcc074177f8d659c5165ef37 Please cherry-pick this for 3.11 [ 107.814928] BUG: unable to handle kernel NULL pointer dereference at 0000000000000398 [ 107.823706] IP: [<ffffffffa000d201>] mmc_blk_remove_req+0x56/0x8b [mmc_block] [ 107.831709] PGD 134323067 PUD 1343c2067 PMD 0 [ 107.836703] Oops: 0000 [#1] PREEMPT SMP [ 107.841098] Modules linked in: sdhci_acpi(-) mmc_block sdhci [ 107.847468] CPU: 1 PID: 133 Comm: rmmod Not tainted 3.11.3+ #15 [ 107.854090] task: ffff8801341dc440 ti: ffff88013426c000 task.ti: ffff88013426c000 [ 107.862456] RIP: 0010:[<ffffffffa000d201>] [<ffffffffa000d201>] mmc_blk_remove_req+0x56/0x8b [mmc_block] [ 107.873172] RSP: 0018:ffff88013426dbe8 EFLAGS: 00010202 [ 107.879111] RAX: ffff8801341e63a8 RBX: ffff8801341e6000 RCX: 00000000000160a0 [ 107.887088] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000023 [ 107.895058] RBP: ffff88013426dbf8 R08: ffff88013b443180 R09: ffff88013426dfd8 [ 107.903035] R10: 000000000000273c R11: ffff880134330e00 R12: 0000000000000000 [ 107.911005] R13: ffff8801341e5000 R14: ffffffffa001c098 R15: 0000000000000000 [ 107.918985] FS: 00007f9bab888700(0000) GS:ffff88013fc80000(0000) knlGS:0000000000000000 [ 107.928031] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 107.934455] CR2: 0000000000000398 CR3: 0000000134263000 CR4: 00000000001007e0 [ 107.942422] Stack: [ 107.944669] ffff8801341e5ba8 ffff8801341e53a8 ffff88013426dc18 ffffffffa000dbfa [ 107.952965] ffff8801341e4800 ffff8801341e4808 ffff88013426dc48 ffffffffa000fca0 [ 107.961260] 000000000000bbc9 ffff8801341e4808 ffffffffa0012010 ffffffff81a82210 [ 107.969556] Call Trace: [ 107.972307] [<ffffffffa000dbfa>] mmc_blk_remove_parts.isra.16+0x5c/0x6c [mmc_block] [ 107.980980] [<ffffffffa000fca0>] mmc_blk_remove+0x25/0xa9 [mmc_block] [ 107.988289] [<ffffffff8140dd6c>] mmc_bus_remove+0x15/0x19 [ 107.994432] [<ffffffff812f14a8>] __device_release_driver+0x86/0xdc [ 108.001448] [<ffffffff812f175d>] device_release_driver+0x1e/0x2b [ 108.008269] [<ffffffff812f10bc>] bus_remove_device+0xe5/0xfa [ 108.014701] [<ffffffff812eeb96>] device_del+0x12c/0x186 [ 108.020646] [<ffffffff8140e2cc>] mmc_remove_card+0x66/0x76 [ 108.026884] [<ffffffff8140ec55>] mmc_remove+0x23/0x32 [ 108.032636] [<ffffffff8140dbb2>] mmc_stop_host+0x58/0x9f [ 108.038678] [<ffffffff8140e301>] mmc_remove_host+0x1d/0x3e [ 108.044923] [<ffffffffa0001d76>] sdhci_remove_host+0x94/0x122 [sdhci] [ 108.052235] [<ffffffffa001a145>] sdhci_acpi_remove+0x79/0x8b [sdhci_acpi] [ 108.059932] [<ffffffff812f2e50>] platform_drv_remove+0x1a/0x3e [ 108.066559] [<ffffffff812f14a8>] __device_release_driver+0x86/0xdc [ 108.073574] [<ffffffff812f1c9f>] driver_detach+0x81/0xb2 [ 108.079611] [<ffffffff812f1357>] bus_remove_driver+0x6f/0xb4 [ 108.086045] [<ffffffffa001a568>] ? sdhci_acpi_probe+0x411/0x411 [sdhci_acpi] [ 108.094031] [<ffffffff812f20a3>] driver_unregister+0x4e/0x73 [ 108.100464] [<ffffffff812f2d26>] platform_driver_unregister+0xd/0xf [ 108.107578] [<ffffffffa001a578>] sdhci_acpi_driver_exit+0x10/0xa98 [sdhci_acpi] [ 108.115859] [<ffffffff8107eac3>] SyS_delete_module+0x1b6/0x244 [ 108.122488] [<ffffffff8102c638>] ? do_page_fault+0x9/0xd [ 108.128535] [<ffffffff815cd052>] system_call_fastpath+0x16/0x1b [ 108.135250] Code: 00 48 8b 7b 08 4c 8b 63 10 f6 87 60 03 00 00 10 74 41 48 8d b3 d8 03 00 00 48 83 c7 70 e8 26 10 2e e1 f6 83 18 04 00 00 02 74 1f <41> 80 bc 24 98 03 00 00 00 74 14 48 8b 7b 08 48 8d b3 f8 03 00 [ 108.156804] RIP [<ffffffffa000d201>] mmc_blk_remove_req+0x56/0x8b [mmc_block] [ 108.164895] RSP <ffff88013426dbe8> [ 108.168794] CR2: 0000000000000398 [ 108.174595] ---[ end trace b9c7313fc09b25d8 ]--- -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Oct 07, 2013 at 11:54:11AM +0300, Adrian Hunter wrote: > On 25/08/13 06:22, Chris Ball wrote: > > Hi Franck, > > > > On Wed, Jul 24 2013, franck.jullien@gmail.com wrote: > >> From: Franck Jullien <franck.jullien@gmail.com> > >> > >> A previous commit (fdfa20c1631210d0) reordered the > >> shutdown sequence in mmc_blk_remove_req. However, > >> mmc_cleanup_queue is now called before we get the > >> card pointer and, sadly, mmc_cleanup_queue set > >> mq->card to NULL. > >> > >> This patch moves the card pointer assignment before > >> mmc_cleanup_queue. > >> > >> Signed-off-by: Franck Jullien <franck.jullien@gmail.com> > >> --- > >> drivers/mmc/card/block.c | 2 +- > >> 1 files changed, 1 insertions(+), 1 deletions(-) > >> > >> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c > >> index cd0b7f4..f4a0bea 100644 > >> --- a/drivers/mmc/card/block.c > >> +++ b/drivers/mmc/card/block.c > >> @@ -2191,10 +2191,10 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md) > >> * is freeing the queue that stops new requests > >> * from being accepted. > >> */ > >> + card = md->queue.card; > >> mmc_cleanup_queue(&md->queue); > >> if (md->flags & MMC_BLK_PACKED_CMD) > >> mmc_packed_clean(&md->queue); > >> - card = md->queue.card; > >> if (md->disk->flags & GENHD_FL_UP) { > >> device_remove_file(disk_to_dev(md->disk), &md->force_ro); > >> if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) && > > > > Thanks for the patch, pushed to mmc-next for 3.12. > > > > - Chris. > > > > Hi > > The regression is in 3.11, and causes an oops (see below) > Adding linux-stable (third time lucky?!?!) > > The fix is now in linus' tree with commit id: > > 8efb83a2f8518a6ffcc074177f8d659c5165ef37 > > Please cherry-pick this for 3.11 Now applied, thanks. greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index cd0b7f4..f4a0bea 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -2191,10 +2191,10 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md) * is freeing the queue that stops new requests * from being accepted. */ + card = md->queue.card; mmc_cleanup_queue(&md->queue); if (md->flags & MMC_BLK_PACKED_CMD) mmc_packed_clean(&md->queue); - card = md->queue.card; if (md->disk->flags & GENHD_FL_UP) { device_remove_file(disk_to_dev(md->disk), &md->force_ro); if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) &&