From patchwork Thu Jul 13 09:17:58 2017
X-Patchwork-Submitter: Linus Walleij
X-Patchwork-Id: 9838065
From: Linus Walleij
To: linux-mmc@vger.kernel.org, Ulf Hansson
Cc: Grzegorz Sluja, Linus Walleij
Subject: [PATCH] mmc: block: Block new req entering queue after its cleanup
Date: Thu, 13 Jul 2017 11:17:58 +0200
Message-Id: <20170713091758.2975-1-linus.walleij@linaro.org>

From: Grzegorz Sluja

Commit 304419d8a7e9204c5d19b704467b814df8c8f5b1 'mmc: core: Allocate per-request data using the block layer core' refactored the mechanism of queue handling, which means mmc_init_request() can be called just after mmc_cleanup_queue(), causing a null pointer dereference:

dmesg:
[ 683.123791] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 683.123801] IP: mmc_init_request+0x2c/0xf0 [mmc_block]
...
[ 683.123905] Call Trace:
[ 683.123913] alloc_request_size+0x4f/0x70
[ 683.123919] mempool_alloc+0x5f/0x150
[ 683.123925] ? __enqueue_entity+0x6c/0x70
[ 683.123928] get_request+0x3ad/0x720
[ 683.123933] ? prepare_to_wait_event+0x110/0x110
[ 683.123937] blk_queue_bio+0xc1/0x3a0
[ 683.123940] generic_make_request+0xf8/0x2a0
[ 683.123942] submit_bio+0x75/0x150
[ 683.123947] submit_bio_wait+0x51/0x70
[ 683.123951] blkdev_issue_flush+0x5c/0x90
[ 683.123956] ext4_sync_fs+0x171/0x1b0
[ 683.123961] sync_filesystem+0x73/0x90
[ 683.123965] fsync_bdev+0x24/0x50
[ 683.123971] invalidate_partition+0x24/0x50
[ 683.123973] del_gendisk+0xb2/0x2a0
[ 683.123977] mmc_blk_remove_req.part.38+0x71/0xa0 [mmc_block]
[ 683.123980] mmc_blk_remove+0xba/0x190 [mmc_block]
[ 683.123990] mmc_bus_remove+0x1a/0x20 [mmc_core]
[ 683.123995] device_release_driver_internal+0x141/0x200
[ 683.123999] device_release_driver+0x12/0x20
[ 683.124001] bus_remove_device+0xfd/0x170
[ 683.124004] device_del+0x1e8/0x330
[ 683.124012] mmc_remove_card+0x60/0xc0 [mmc_core]
[ 683.124019] mmc_remove+0x19/0x30 [mmc_core]
[ 683.124025] mmc_stop_host+0xfb/0x1a0 [mmc_core]
[ 683.124032] mmc_remove_host+0x1a/0x40 [mmc_core]
[ 683.124037] sdhci_remove_host+0x2e/0x1c0 [mmc_sdhci]
[ 683.124042] sdhci_pci_remove_slot+0x3f/0x80 [sdhci_pci]
[ 683.124045] sdhci_pci_remove+0x39/0x70 [sdhci_pci]
[ 683.124049] pci_device_remove+0x39/0xc0
[ 683.124052] device_release_driver_internal+0x141/0x200
[ 683.124056] driver_detach+0x3f/0x80
[ 683.124059] bus_remove_driver+0x55/0xd0
[ 683.124062] driver_unregister+0x2c/0x50
[ 683.124065] pci_unregister_driver+0x29/0x90
[ 683.124069] sdhci_driver_exit+0x10/0x4f3 [sdhci_pci]
[ 683.124073] SyS_delete_module+0x171/0x250
[ 683.124078] entry_SYSCALL_64_fastpath+0x1e/0xa9

Setting the queue DYING flag just before its cleaning blocks new req from entering the queue afterwards.

Signed-off-by: Grzegorz Sluja
Signed-off-by: Linus Walleij
---
Hi Ulf,

forwarding an important fix from Grzegorz at Intel, please apply!

Linus
---
drivers/mmc/core/block.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 0cfac2d39107..5ddde7dc9075 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -2167,6 +2167,7 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md) * from being accepted. */ card = md->queue.card; + blk_set_queue_dying(md->queue.queue); mmc_cleanup_queue(&md->queue); if (md->disk->flags & GENHD_FL_UP) { device_remove_file(disk_to_dev(md->disk), &md->force_ro);
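
Review bot: The added blk_set_queue_dying(md->queue.queue) call in mmc_blk_remove_req(), placed between card = md->queue.card and mmc_cleanup_queue(&md->queue), has no comment of its own, and the existing comment above it ends at "from being accepted" without mentioning the dying flag. A sentence there saying that the queue is marked dying so that no request can reach mmc_init_request() once mmc_cleanup_queue() has run would keep this ordering from being undone in a later cleanup. The trace in the commit message shows that the offending request is the flush issued by ext4_sync_fs() under del_gendisk(), so the message should also say that this flush is now refused instead of serviced and that this is the intended outcome on removal. Since the message names commit 304419d8a7e9204c5d19b704467b814df8c8f5b1 as the cause, a Fixes: tag for it is missing.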