* RE: [PATCH v2] mmc: fix host release issue after discard operation
[not found] ` <5277EA3A.4020001@broadcom.com>
@ 2013-11-18 11:24 ` Seungwon Jeon
0 siblings, 0 replies; 3+ messages in thread
From: Seungwon Jeon @ 2013-11-18 11:24 UTC (permalink / raw)
To: 'Ray Jui', 'Chris Ball'; +Cc: linux-kernel, linux-mmc
On Tue, November 05, 2013, Ray Jui wrote:
> On 10/26/2013 11:03 AM, Ray Jui wrote:
> > Under function mmc_blk_issue_rq, after an MMC discard operation,
> > the MMC request data structure may be freed in memory. Later in
> > the same function, the check of req->cmd_flags & MMC_REQ_SPECIAL_MASK
> > is dangerous and invalid. It causes the MMC host not to be released
> > when it should
Is commit message cut here?
> >
> > This patch fixes the issue by marking the special request down before
> > the discard/flush operation
> >
> > Reported by: Harold (SoonYeal) Yang <haroldsy@broadcom.com>
> > Signed-off-by: Ray Jui <rjui@broadcom.com>
> > Reviewed-by: Seungwon Jeon <tgih.jun@samsung.com>
> > ---
> > drivers/mmc/card/block.c | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
> > index 1a3163f..4e8212c 100644
> > --- a/drivers/mmc/card/block.c
> > +++ b/drivers/mmc/card/block.c
> > @@ -1959,6 +1959,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> > struct mmc_card *card = md->queue.card;
> > struct mmc_host *host = card->host;
> > unsigned long flags;
> > + unsigned int cmd_flags = req ? req->cmd_flags : 0;
> >
> > if (req && !mq->mqrq_prev->req)
> > /* claim host only for the first request */
> > @@ -1974,7 +1975,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> > }
> >
> > mq->flags &= ~MMC_QUEUE_NEW_REQUEST;
> > - if (req && req->cmd_flags & REQ_DISCARD) {
> > + if (cmd_flags & REQ_DISCARD) {
> > /* complete ongoing async transfer before issuing discard */
> > if (card->host->areq)
> > mmc_blk_issue_rw_rq(mq, NULL);
> > @@ -1983,7 +1984,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> > ret = mmc_blk_issue_secdiscard_rq(mq, req);
> > else
> > ret = mmc_blk_issue_discard_rq(mq, req);
> > - } else if (req && req->cmd_flags & REQ_FLUSH) {
> > + } else if (cmd_flags & REQ_FLUSH) {
> > /* complete ongoing async transfer before issuing flush */
> > if (card->host->areq)
> > mmc_blk_issue_rw_rq(mq, NULL);
> > @@ -1999,7 +2000,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req)
> >
> > out:
> > if ((!req && !(mq->flags & MMC_QUEUE_NEW_REQUEST)) ||
> > - (req && (req->cmd_flags & MMC_REQ_SPECIAL_MASK)))
> > + (cmd_flags & MMC_REQ_SPECIAL_MASK))
> > /*
> > * Release host when there are no more requests
> > * and after special request(discard, flush) is done.
> >
> Hi Seungwon/Chris,
>
> Have you got a chance to review the MMC discard patch V2? The patch v2
> makes changes from v1 based on Seungwon's review comments.
Adding linux-mmc. It has been omitted.
(+linux-mmc)
CC: Stable <stable@kernel.org>
Acked-by: Seungwon Jeon <tgih.jun@samsung.com>
Thanks,
Seungwon Jeon
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] mmc: fix host release issue after discard operation
[not found] <1382810624-17659-1-git-send-email-rjui@broadcom.com>
[not found] ` <5277EA3A.4020001@broadcom.com>
@ 2013-11-26 22:06 ` Chris Ball
2013-11-26 22:35 ` Ray Jui
1 sibling, 1 reply; 3+ messages in thread
From: Chris Ball @ 2013-11-26 22:06 UTC (permalink / raw)
To: Ray Jui; +Cc: Seungwon Jeon, linux-kernel, linux-mmc
Hi Ray,
On Sat, Oct 26 2013, Ray Jui wrote:
> Under function mmc_blk_issue_rq, after an MMC discard operation,
> the MMC request data structure may be freed in memory. Later in
> the same function, the check of req->cmd_flags & MMC_REQ_SPECIAL_MASK
> is dangerous and invalid. It causes the MMC host not to be released
> when it should
>
> This patch fixes the issue by marking the special request down before
> the discard/flush operation
>
> Reported by: Harold (SoonYeal) Yang <haroldsy@broadcom.com>
> Signed-off-by: Ray Jui <rjui@broadcom.com>
> Reviewed-by: Seungwon Jeon <tgih.jun@samsung.com>
Thanks, pushed to mmc-next for 3.14 and -stable.
- Chris.
--
Chris Ball <cjb@laptop.org> <http://printf.net/>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] mmc: fix host release issue after discard operation
2013-11-26 22:06 ` Chris Ball
@ 2013-11-26 22:35 ` Ray Jui
0 siblings, 0 replies; 3+ messages in thread
From: Ray Jui @ 2013-11-26 22:35 UTC (permalink / raw)
To: Chris Ball; +Cc: Seungwon Jeon, linux-kernel, linux-mmc
On 11/26/2013 2:06 PM, Chris Ball wrote:
> Hi Ray,
>
> On Sat, Oct 26 2013, Ray Jui wrote:
>> Under function mmc_blk_issue_rq, after an MMC discard operation,
>> the MMC request data structure may be freed in memory. Later in
>> the same function, the check of req->cmd_flags & MMC_REQ_SPECIAL_MASK
>> is dangerous and invalid. It causes the MMC host not to be released
>> when it should
>>
>> This patch fixes the issue by marking the special request down before
>> the discard/flush operation
>>
>> Reported by: Harold (SoonYeal) Yang <haroldsy@broadcom.com>
>> Signed-off-by: Ray Jui <rjui@broadcom.com>
>> Reviewed-by: Seungwon Jeon <tgih.jun@samsung.com>
>
> Thanks, pushed to mmc-next for 3.14 and -stable.
>
> - Chris.
>
Great!
Thanks,
Ray
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-11-26 22:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1382810624-17659-1-git-send-email-rjui@broadcom.com>
[not found] ` <5277EA3A.4020001@broadcom.com>
2013-11-18 11:24 ` [PATCH v2] mmc: fix host release issue after discard operation Seungwon Jeon
2013-11-26 22:06 ` Chris Ball
2013-11-26 22:35 ` Ray Jui
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).