Revision - bbdc74d - mmc: block: Prevent new req entering queue after its cleanup

Revision bbdc74dc19e09ac4e71bfb219596b3d5bc786720 authored by Grzegorz Sluja on 13 July 2017, 09:17:58 UTC, committed by Ulf Hansson on 13 July 2017, 09:44:01 UTC

mmc: block: Prevent new req entering queue after its cleanup

The commit 304419d8a7e9 ("mmc: core: Allocate per-request data using the
block layer core"), refactored the mechanism of queue handling, but also
made mmc_init_request() to be called after mmc_cleanup_queue(). This
triggers a null pointer dereference:

[  683.123791] BUG: unable to handle kernel NULL pointer dereference at (null)
[  683.123801] IP: mmc_init_request+0x2c/0xf0 [mmc_block]
...
[  683.123905] Call Trace:
[  683.123913]  alloc_request_size+0x4f/0x70
[  683.123919]  mempool_alloc+0x5f/0x150
[  683.123925]  ? __enqueue_entity+0x6c/0x70
[  683.123928]  get_request+0x3ad/0x720
[  683.123933]  ? prepare_to_wait_event+0x110/0x110
[  683.123937]  blk_queue_bio+0xc1/0x3a0
[  683.123940]  generic_make_request+0xf8/0x2a0
[  683.123942]  submit_bio+0x75/0x150
[  683.123947]  submit_bio_wait+0x51/0x70
[  683.123951]  blkdev_issue_flush+0x5c/0x90
[  683.123956]  ext4_sync_fs+0x171/0x1b0
[  683.123961]  sync_filesystem+0x73/0x90
[  683.123965]  fsync_bdev+0x24/0x50
[  683.123971]  invalidate_partition+0x24/0x50
[  683.123973]  del_gendisk+0xb2/0x2a0
[  683.123977]  mmc_blk_remove_req.part.38+0x71/0xa0 [mmc_block]
[  683.123980]  mmc_blk_remove+0xba/0x190 [mmc_block]
[  683.123990]  mmc_bus_remove+0x1a/0x20 [mmc_core]
[  683.123995]  device_release_driver_internal+0x141/0x200
[  683.123999]  device_release_driver+0x12/0x20
[  683.124001]  bus_remove_device+0xfd/0x170
[  683.124004]  device_del+0x1e8/0x330
[  683.124012]  mmc_remove_card+0x60/0xc0 [mmc_core]
[  683.124019]  mmc_remove+0x19/0x30 [mmc_core]
[  683.124025]  mmc_stop_host+0xfb/0x1a0 [mmc_core]
[  683.124032]  mmc_remove_host+0x1a/0x40 [mmc_core]
[  683.124037]  sdhci_remove_host+0x2e/0x1c0 [mmc_sdhci]
[  683.124042]  sdhci_pci_remove_slot+0x3f/0x80 [sdhci_pci]
[  683.124045]  sdhci_pci_remove+0x39/0x70 [sdhci_pci]
[  683.124049]  pci_device_remove+0x39/0xc0
[  683.124052]  device_release_driver_internal+0x141/0x200
[  683.124056]  driver_detach+0x3f/0x80
[  683.124059]  bus_remove_driver+0x55/0xd0
[  683.124062]  driver_unregister+0x2c/0x50
[  683.124065]  pci_unregister_driver+0x29/0x90
[  683.124069]  sdhci_driver_exit+0x10/0x4f3 [sdhci_pci]
[  683.124073]  SyS_delete_module+0x171/0x250
[  683.124078]  entry_SYSCALL_64_fastpath+0x1e/0xa9

Fix this by setting the queue DYING flag before cleanup the queue, as it
prevents new reqs from entering the queue.

Signed-off-by: Grzegorz Sluja <grzegorzx.sluja@intel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Fixes: 304419d8a7e9 ("mmc: core: Allocate per-request data using the...")
[Ulf: Updated the changelog]
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

1 parent aab2ee0

Files
Changes

Permalinks

File	Mode	Size
bpf
cgroup
configs
debug
events
gcov
irq
livepatch
locking
power
printk
rcu
sched
time
trace
.gitignore	-rw-r--r--	69 bytes
Kconfig.freezer	-rw-r--r--	52 bytes
Kconfig.hz	-rw-r--r--	1.6 KB
Kconfig.locks	-rw-r--r--	4.8 KB
Kconfig.preempt	-rw-r--r--	2.1 KB
Makefile	-rw-r--r--	3.9 KB
acct.c	-rw-r--r--	15.4 KB
async.c	-rw-r--r--	9.9 KB
audit.c	-rw-r--r--	62.1 KB
audit.h	-rw-r--r--	11.0 KB
audit_fsnotify.c	-rw-r--r--	6.1 KB
audit_tree.c	-rw-r--r--	23.9 KB
audit_watch.c	-rw-r--r--	14.5 KB
auditfilter.c	-rw-r--r--	33.9 KB
auditsc.c	-rw-r--r--	65.3 KB
backtracetest.c	-rw-r--r--	2.1 KB
bounds.c	-rw-r--r--	703 bytes
capability.c	-rw-r--r--	13.9 KB
compat.c	-rw-r--r--	16.6 KB
configs.c	-rw-r--r--	2.8 KB
context_tracking.c	-rw-r--r--	6.3 KB
cpu.c	-rw-r--r--	42.9 KB
cpu_pm.c	-rw-r--r--	6.5 KB
crash_core.c	-rw-r--r--	10.5 KB
crash_dump.c	-rw-r--r--	1.3 KB
cred.c	-rw-r--r--	21.5 KB
delayacct.c	-rw-r--r--	4.5 KB
dma.c	-rw-r--r--	3.6 KB
elfcore.c	-rw-r--r--	396 bytes
exec_domain.c	-rw-r--r--	1.4 KB
exit.c	-rw-r--r--	44.2 KB
extable.c	-rw-r--r--	4.3 KB
fork.c	-rw-r--r--	58.8 KB
freezer.c	-rw-r--r--	4.4 KB
futex.c	-rw-r--r--	93.8 KB
futex_compat.c	-rw-r--r--	4.5 KB
groups.c	-rw-r--r--	4.9 KB
hung_task.c	-rw-r--r--	6.2 KB
irq_work.c	-rw-r--r--	4.4 KB
jump_label.c	-rw-r--r--	18.0 KB
kallsyms.c	-rw-r--r--	16.5 KB
kcmp.c	-rw-r--r--	4.4 KB
kcov.c	-rw-r--r--	6.9 KB
kexec.c	-rw-r--r--	6.8 KB
kexec_core.c	-rw-r--r--	29.5 KB
kexec_file.c	-rw-r--r--	25.4 KB
kexec_internal.h	-rw-r--r--	818 bytes
kmod.c	-rw-r--r--	19.6 KB
kprobes.c	-rw-r--r--	62.6 KB
ksysfs.c	-rw-r--r--	6.3 KB
kthread.c	-rw-r--r--	32.1 KB
latencytop.c	-rw-r--r--	7.9 KB
membarrier.c	-rw-r--r--	2.5 KB
memremap.c	-rw-r--r--	12.3 KB
module-internal.h	-rw-r--r--	458 bytes
module.c	-rw-r--r--	109.9 KB
module_signing.c	-rw-r--r--	2.2 KB
notifier.c	-rw-r--r--	16.3 KB
nsproxy.c	-rw-r--r--	6.5 KB
padata.c	-rw-r--r--	25.4 KB
panic.c	-rw-r--r--	15.8 KB
params.c	-rw-r--r--	23.1 KB
pid.c	-rw-r--r--	15.0 KB
pid_namespace.c	-rw-r--r--	11.8 KB
profile.c	-rw-r--r--	14.8 KB
ptrace.c	-rw-r--r--	32.7 KB
range.c	-rw-r--r--	3.0 KB
reboot.c	-rw-r--r--	13.3 KB
relay.c	-rw-r--r--	32.1 KB
resource.c	-rw-r--r--	39.3 KB
seccomp.c	-rw-r--r--	24.1 KB
signal.c	-rw-r--r--	95.7 KB
smp.c	-rw-r--r--	21.3 KB
smpboot.c	-rw-r--r--	13.3 KB
smpboot.h	-rw-r--r--	601 bytes
softirq.c	-rw-r--r--	19.0 KB
stacktrace.c	-rw-r--r--	1.8 KB
stop_machine.c	-rw-r--r--	17.1 KB
sys.c	-rw-r--r--	60.5 KB
sys_ni.c	-rw-r--r--	7.2 KB
sysctl.c	-rw-r--r--	67.5 KB
sysctl_binary.c	-rw-r--r--	50.9 KB
task_work.c	-rw-r--r--	3.3 KB
taskstats.c	-rw-r--r--	15.4 KB
test_kprobes.c	-rw-r--r--	7.4 KB
torture.c	-rw-r--r--	21.0 KB
tracepoint.c	-rw-r--r--	14.6 KB
tsacct.c	-rw-r--r--	5.1 KB
ucount.c	-rw-r--r--	5.7 KB
uid16.c	-rw-r--r--	5.0 KB
up.c	-rw-r--r--	2.0 KB
user-return-notifier.c	-rw-r--r--	1.3 KB
user.c	-rw-r--r--	5.4 KB
user_namespace.c	-rw-r--r--	27.4 KB
utsname.c	-rw-r--r--	3.6 KB
utsname_sysctl.c	-rw-r--r--	3.0 KB
watchdog.c	-rw-r--r--	22.8 KB
watchdog_hld.c	-rw-r--r--	6.5 KB
workqueue.c	-rw-r--r--	155.0 KB
workqueue_internal.h	-rw-r--r--	2.2 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...