From: Alban Browaeys <prahal@yahoo.com>
To: linux-mmc@vger.kernel.org
Cc: Chris Ball <cjb@laptop.org>
Subject: mmc oops on suspend - remove device
Date: Sat, 10 Aug 2013 18:10:06 +0200 [thread overview]
Message-ID: <1376151006.31508.2.camel@penelope> (raw)
The oops spots commit add710e , though I cannot tell if the commit is
at fault. That is could card from md->queue.card be null and then checks
are missing before dereference or is the issue that card is null when it
ought not.
This happens when I do :
# echo "mem" > /sys/power/state
mmc1 is emmc that can be detached:
dts (derived from exynos4412-odroidx and exynos4412-origen)
mshc@12550000 {
#address-cells = <1>;
#size-cells = <0>;
pinctrl-0 = <&sd4_clk &sd4_cmd &sd4_cd &sd4_bus8>;
pinctrl-names = "default";
vmmc-supply = <&ldo20_reg &buck8_reg>;
status = "okay";
num-slots = <1>;
supports-highspeed;
broken-cd;
fifo-depth = <0x80>;
card-detect-delay = <200>;
samsung,dw-mshc-ciu-div = <3>;
samsung,dw-mshc-sdr-timing = <2 3>;
samsung,dw-mshc-ddr-timing = <1 2>;
samsung,dw-mshc-hwreset-gpio = <&gpk1 2 1>;
slot@0 {
reg = <0>;
bus-width = <8>;
};
};
ie drivers/mmc/host/dw_mmc-exynos.c
The commit that produce the issue
commit add710eaa88606de8ba98a014d37178579e6dbaf
Author: Johan Rudholm <johan.rudholm@stericsson.com>
Date: Fri Dec 2 08:51:06 2011 +0100
mmc: boot partition ro lock support
Enable boot partitions to be read-only locked until next power on
via
a sysfs entry. There will be one sysfs entry for each boot
partition:
/sys/block/mmcblkXbootY/ro_lock_until_next_power_on
Each boot partition is locked by writing 1 to its file.
Signed-off-by: Johan Rudholm <johan.rudholm@stericsson.com>
Signed-off-by: John Beckett <john.beckett@stericsson.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Oops:
Unable to handle kernel NULL pointer dereference at virtual address 000002a8
pgd = ecd9c000
[000002a8] *pgd=6d082831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] SMP ARM
Modules linked in: bnep rfcomm smsc95xx usbnet mii bluetooth nfsd lockd nfs_acl exportfs auth_rpcgss sunrpc oid_registry vfat fat btrfs raid6_pq xor zlib_deflate
CPU: 3 PID: 2384 Comm: bash Not tainted 3.11.0-rc4-00869-ga7143f1-dirty #60
task: c46d9b00 ti: ecefc000 task.ti: ecefc000
PC is at mmc_blk_remove_req+0x58/0x88
LR is at _raw_spin_unlock_irqrestore+0xc/0x14
pc : [<c034e7d8>] lr : [<c0494ac8>] psr: 200f0053
sp : ecefddf8 ip : 00000000 fp : 000dc1e8
r10: c058ead8 r9 : ecce3f18 r8 : 00100100
r7 : 00200200 r6 : c26b7118 r5 : 00000000 r4 : c26b1dc0
r3 : 00000002 r2 : 00000000 r1 : 200f0053 r0 : 00000000
Flags: nzCv IRQs on FIQs off Mode SVC_32 ISA ARM Segment user
Control: 10c5387d Table: 6cd9c04a DAC: 00000015
Process bash (pid: 2384, stack limit = 0xecefc240)
Stack: (0xecefddf8 to 0xecefe000)
dde0: c26b2058 c26b6898
de00: c26b6898 c03512d0 d2623180 d2623188 c06bb90c c26b06d8 c26b6e80 c0351308
de20: 00000000 c0494ac8 d2623188 c06bbd54 c06bb90c c26b06d8 00000003 c034409c
de40: c0344084 c0265a20 c46d9b00 d26231bc d2623188 c0265a88 00000000 d2623188
de60: c479aafc c0265410 d2623188 c26b0448 00000001 c0262c04 d2623188 c26b0440
de80: 00000001 c034463c c26b0440 c0345124 c26b060c c0343fb0 c0343f1c fffffffc
dea0: c06bb3f8 00000000 00000000 c00413b4 c0690fec ffffffff 00000000 00000003
dec0: 00000004 c00417b4 00000000 c0497a70 00000003 00000003 c06c5a60 c0497a70
dee0: 00000003 c00417e4 00000000 00000003 c06c5a60 c0059d48 00000000 c005aa9c
df00: ed366000 00000003 c0497a70 c0059a68 00000004 ecefdf80 ecce3f00 d27f6d20
df20: 00000004 d27f5e80 c04b06b8 c01d610c 00000004 c012b224 ed0ee000 00000004
df40: 000af408 ecefdf80 00000000 00000000 00000000 c00d59d4 c4607900 00000001
df60: 0000000a ed0ee000 00000000 000af408 00000004 00000000 00000000 c00d5d3c
df80: 00000000 00000000 00000000 b6e98a78 00000004 000af408 00000004 c000ebc8
dfa0: ecefc000 c000ea20 b6e98a78 00000004 00000001 000af408 00000004 00000000
dfc0: b6e98a78 00000004 000af408 00000004 be9c596c 000a6094 00000000 000dc1e8
dfe0: 00000000 be9c58ec b6e07747 b6e3f11c 40070050 00000001 429a2201 8108f000
[<c034e7d8>] (mmc_blk_remove_req+0x58/0x88) from [<c03512d0>] (mmc_blk_remove_parts.isra.5+0x90/0xa8)
[<c03512d0>] (mmc_blk_remove_parts.isra.5+0x90/0xa8) from [<c0351308>] (mmc_blk_remove+0x20/0x128)
[<c0351308>] (mmc_blk_remove+0x20/0x128) from [<c034409c>] (mmc_bus_remove+0x18/0x20)
[<c034409c>] (mmc_bus_remove+0x18/0x20) from [<c0265a20>] (__device_release_driver+0x7c/0xc8)
[<c0265a20>] (__device_release_driver+0x7c/0xc8) from [<c0265a88>] (device_release_driver+0x1c/0x28)
[<c0265a88>] (device_release_driver+0x1c/0x28) from [<c0265410>] (bus_remove_device+0x100/0x11c)
[<c0265410>] (bus_remove_device+0x100/0x11c) from [<c0262c04>] (device_del+0x110/0x174)
[<c0262c04>] (device_del+0x110/0x174) from [<c034463c>] (mmc_remove_card+0x64/0x78)
[<c034463c>] (mmc_remove_card+0x64/0x78) from [<c0345124>] (mmc_remove+0x24/0x30)
[<c0345124>] (mmc_remove+0x24/0x30) from [<c0343fb0>] (mmc_pm_notify+0x94/0xf8)
[<c0343fb0>] (mmc_pm_notify+0x94/0xf8) from [<c00413b4>] (notifier_call_chain+0x44/0x84)
[<c00413b4>] (notifier_call_chain+0x44/0x84) from [<c00417b4>] (__blocking_notifier_call_chain+0x48/0x60)
[<c00417b4>] (__blocking_notifier_call_chain+0x48/0x60) from [<c00417e4>] (blocking_notifier_call_chain+0x18/0x20)
[<c00417e4>] (blocking_notifier_call_chain+0x18/0x20) from [<c0059d48>] (pm_notifier_call_chain+0x14/0x2c)
[<c0059d48>] (pm_notifier_call_chain+0x14/0x2c) from [<c005aa9c>] (pm_suspend+0xac/0x24c)
[<c005aa9c>] (pm_suspend+0xac/0x24c) from [<c0059a68>] (state_store+0xb0/0xc4)
[<c0059a68>] (state_store+0xb0/0xc4) from [<c01d610c>] (kobj_attr_store+0x14/0x20)
[<c01d610c>] (kobj_attr_store+0x14/0x20) from [<c012b224>] (sysfs_write_file+0x118/0x164)
[<c012b224>] (sysfs_write_file+0x118/0x164) from [<c00d59d4>] (vfs_write+0xd8/0x178)
[<c00d59d4>] (vfs_write+0xd8/0x178) from [<c00d5d3c>] (SyS_write+0x40/0x68)
[<c00d5d3c>] (SyS_write+0x40/0x68) from [<c000ea20>] (ret_fast_syscall+0x0/0x30)
Code: ebfc509b e59432dc e3130002 0a000006 (e5d532a8)
decodecode:
Code: ebfc509b e59432dc e3130002 0a000006 (e5d532a8)
All code
========
0: ebfc509b bl 0xfff14274
4: e59432dc ldr r3, [r4, #732] ; 0x2dc
8: e3130002 tst r3, #2
c: 0a000006 beq 0x2c
10:* e5d532a8 ldrb r3, [r5, #680] ; 0x2a8 <-- trapping instruction
Code starting with the faulting instruction
===========================================
0: e5d532a8 ldrb r3, [r5, #680] ; 0x2a8
from objdump -S:
static void mmc_blk_remove_req(struct mmc_blk_data *md)
{
c034e780: e92d4038 push {r3, r4, r5, lr}
struct mmc_card *card;
if (md) {
c034e784: e2504000 subs r4, r0, #0
c034e788: 08bd8038 popeq {r3, r4, r5, pc}
/*
* Flush remaining requests and free queues. It
* is freeing the queue that stops new requests
* from being accepted.
*/
mmc_cleanup_queue(&md->queue);
c034e78c: e2845014 add r5, r4, #20
c034e790: e1a00005 mov r0, r5
c034e794: eb000e2b bl c0352048 <mmc_cleanup_queue>
if (md->flags & MMC_BLK_PACKED_CMD)
c034e798: e59432a0 ldr r3, [r4, #672] ; 0x2a0
c034e79c: e3130004 tst r3, #4
c034e7a0: 0a000001 beq c034e7ac <mmc_blk_remove_req+0x2c>
mmc_packed_clean(&md->queue);
c034e7a4: e1a00005 mov r0, r5
c034e7a8: eb000df6 bl c0351f88 <mmc_packed_clean>
card = md->queue.card;
if (md->disk->flags & GENHD_FL_UP) {
c034e7ac: e5940010 ldr r0, [r4, #16]
* from being accepted.
*/
mmc_cleanup_queue(&md->queue);
if (md->flags & MMC_BLK_PACKED_CMD)
mmc_packed_clean(&md->queue);
card = md->queue.card;
c034e7b0: e5945014 ldr r5, [r4, #20]
if (md->disk->flags & GENHD_FL_UP) {
c034e7b4: e5903244 ldr r3, [r0, #580] ; 0x244
c034e7b8: e3130010 tst r3, #16
c034e7bc: 0a00000e beq c034e7fc <mmc_blk_remove_req+0x7c>
device_remove_file(disk_to_dev(md->disk), &md->force_ro);
c034e7c0: e2800068 add r0, r0, #104 ; 0x68
c034e7c4: e2841faf add r1, r4, #700 ; 0x2bc
c034e7c8: ebfc509b bl c0262a3c <device_remove_file>
if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) &&
c034e7cc: e59432dc ldr r3, [r4, #732] ; 0x2dc
c034e7d0: e3130002 tst r3, #2
c034e7d4: 0a000006 beq c034e7f4 <mmc_blk_remove_req+0x74>
c034e7d8: e5d532a8 ldrb r3, [r5, #680] ; 0x2a8
c034e7dc: e3530000 cmp r3, #0
c034e7e0: 0a000003 beq c034e7f4 <mmc_blk_remove_req+0x74>
card->ext_csd.boot_ro_lockable)
device_remove_file(disk_to_dev(md->disk),
c034e7e4: e5940010 ldr r0, [r4, #16]
that is r5 is "card = md->queue.card;" and is null, then on
card->ext_csd.boot_ro_lockable oops ensue.
next reply other threads:[~2013-08-10 16:16 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-10 16:10 Alban Browaeys [this message]
2013-08-12 7:08 ` mmc oops on suspend - remove device Jaehoon Chung
2013-08-12 13:00 ` Alban Browaeys
2013-08-12 7:25 ` Seungwon Jeon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1376151006.31508.2.camel@penelope \
--to=prahal@yahoo.com \
--cc=cjb@laptop.org \
--cc=linux-mmc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.