From: "Ray Jui" <rjui@broadcom.com>
To: "Seungwon Jeon" <tgih.jun@samsung.com>,
"Chris Ball" <cjb@laptop.org>,
rjui@broadcom.com
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] mmc: fix host release issue after discard operation
Date: Mon, 4 Nov 2013 10:40:58 -0800 [thread overview]
Message-ID: <5277EA3A.4020001@broadcom.com> (raw)
In-Reply-To: <1382810624-17659-1-git-send-email-rjui@broadcom.com>
On 10/26/2013 11:03 AM, Ray Jui wrote:
> Under function mmc_blk_issue_rq, after an MMC discard operation,
> the MMC request data structure may be freed in memory. Later in
> the same function, the check of req->cmd_flags & MMC_REQ_SPECIAL_MASK
> is dangerous and invalid. It causes the MMC host not to be released
> when it should
>
> This patch fixes the issue by marking the special request down before
> the discard/flush operation
>
> Reported by: Harold (SoonYeal) Yang <haroldsy@broadcom.com>
> Signed-off-by: Ray Jui <rjui@broadcom.com>
> Reviewed-by: Seungwon Jeon <tgih.jun@samsung.com>
> ---
> drivers/mmc/card/block.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
> index 1a3163f..4e8212c 100644
> --- a/drivers/mmc/card/block.c
> +++ b/drivers/mmc/card/block.c
> @@ -1959,6 +1959,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> struct mmc_card *card = md->queue.card;
> struct mmc_host *host = card->host;
> unsigned long flags;
> + unsigned int cmd_flags = req ? req->cmd_flags : 0;
>
> if (req && !mq->mqrq_prev->req)
> /* claim host only for the first request */
> @@ -1974,7 +1975,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> }
>
> mq->flags &= ~MMC_QUEUE_NEW_REQUEST;
> - if (req && req->cmd_flags & REQ_DISCARD) {
> + if (cmd_flags & REQ_DISCARD) {
> /* complete ongoing async transfer before issuing discard */
> if (card->host->areq)
> mmc_blk_issue_rw_rq(mq, NULL);
> @@ -1983,7 +1984,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> ret = mmc_blk_issue_secdiscard_rq(mq, req);
> else
> ret = mmc_blk_issue_discard_rq(mq, req);
> - } else if (req && req->cmd_flags & REQ_FLUSH) {
> + } else if (cmd_flags & REQ_FLUSH) {
> /* complete ongoing async transfer before issuing flush */
> if (card->host->areq)
> mmc_blk_issue_rw_rq(mq, NULL);
> @@ -1999,7 +2000,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
>
> out:
> if ((!req && !(mq->flags & MMC_QUEUE_NEW_REQUEST)) ||
> - (req && (req->cmd_flags & MMC_REQ_SPECIAL_MASK)))
> + (cmd_flags & MMC_REQ_SPECIAL_MASK))
> /*
> * Release host when there are no more requests
> * and after special request(discard, flush) is done.
>
Hi Seungwon/Chris,
Have you got a chance to review the MMC discard patch V2? The patch v2
makes changes from v1 based on Seungwon's review comments.
Thanks,
Ray Jui
next prev parent reply other threads:[~2013-11-04 18:41 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-26 18:03 [PATCH v2] mmc: fix host release issue after discard operation Ray Jui
2013-11-04 18:40 ` Ray Jui [this message]
2013-11-18 11:24 ` Seungwon Jeon
2013-11-26 22:06 ` Chris Ball
2013-11-26 22:35 ` Ray Jui
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5277EA3A.4020001@broadcom.com \
--to=rjui@broadcom.com \
--cc=cjb@laptop.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tgih.jun@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.