From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Geert Uytterhoeven <geert+renesas@glider.be>,
Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>,
Ulf Hansson <ulf.hansson@linaro.org>
Subject: [PATCH 4.19 17/25] mmc: core: Cancel delayed work before releasing host
Date: Sat, 13 Jan 2024 10:49:58 +0100 [thread overview]
Message-ID: <20240113094205.582947827@linuxfoundation.org> (raw)
In-Reply-To: <20240113094205.025407355@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
commit 1036f69e251380573e256568cf814506e3fb9988 upstream.
On RZ/Five SMARC EVK, where probing of SDHI is deferred due to probe
deferral of the vqmmc-supply regulator:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at kernel/time/timer.c:1738 __run_timers.part.0+0x1d0/0x1e8
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 6.7.0-rc4 #101
Hardware name: Renesas SMARC EVK based on r9a07g043f01 (DT)
epc : __run_timers.part.0+0x1d0/0x1e8
ra : __run_timers.part.0+0x134/0x1e8
epc : ffffffff800771a4 ra : ffffffff80077108 sp : ffffffc800003e60
gp : ffffffff814f5028 tp : ffffffff8140c5c0 t0 : ffffffc800000000
t1 : 0000000000000001 t2 : ffffffff81201300 s0 : ffffffc800003f20
s1 : ffffffd8023bc4a0 a0 : 00000000fffee6b0 a1 : 0004010000400000
a2 : ffffffffc0000016 a3 : ffffffff81488640 a4 : ffffffc800003e60
a5 : 0000000000000000 a6 : 0000000004000000 a7 : ffffffc800003e68
s2 : 0000000000000122 s3 : 0000000000200000 s4 : 0000000000000000
s5 : ffffffffffffffff s6 : ffffffff81488678 s7 : ffffffff814886c0
s8 : ffffffff814f49c0 s9 : ffffffff81488640 s10: 0000000000000000
s11: ffffffc800003e60 t3 : 0000000000000240 t4 : 0000000000000a52
t5 : ffffffd8024ae018 t6 : ffffffd8024ae038
status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003
[<ffffffff800771a4>] __run_timers.part.0+0x1d0/0x1e8
[<ffffffff800771e0>] run_timer_softirq+0x24/0x4a
[<ffffffff80809092>] __do_softirq+0xc6/0x1fa
[<ffffffff80028e4c>] irq_exit_rcu+0x66/0x84
[<ffffffff80800f7a>] handle_riscv_irq+0x40/0x4e
[<ffffffff80808f48>] call_on_irq_stack+0x1c/0x28
---[ end trace 0000000000000000 ]---
What happens?
renesas_sdhi_probe()
{
tmio_mmc_host_alloc()
mmc_alloc_host()
INIT_DELAYED_WORK(&host->detect, mmc_rescan);
devm_request_irq(tmio_mmc_irq);
/*
* After this, the interrupt handler may be invoked at any time
*
* tmio_mmc_irq()
* {
* __tmio_mmc_card_detect_irq()
* mmc_detect_change()
* _mmc_detect_change()
* mmc_schedule_delayed_work(&host->detect, delay);
* }
*/
tmio_mmc_host_probe()
tmio_mmc_init_ocr()
-EPROBE_DEFER
tmio_mmc_host_free()
mmc_free_host()
}
When expire_timers() runs later, it warns because the MMC host structure
containing the delayed work was freed, and now contains an invalid work
function pointer.
Fix this by cancelling any pending delayed work before releasing the
MMC host structure.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/205dc4c91b47e31b64392fe2498c7a449e717b4b.1701689330.git.geert+renesas@glider.be
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/host.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/mmc/core/host.c
+++ b/drivers/mmc/core/host.c
@@ -489,6 +489,7 @@ EXPORT_SYMBOL(mmc_remove_host);
*/
void mmc_free_host(struct mmc_host *host)
{
+ cancel_delayed_work_sync(&host->detect);
mmc_pwrseq_free(host);
put_device(&host->class_dev);
}
next prev parent reply other threads:[~2024-01-13 9:54 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-13 9:49 [PATCH 4.19 00/25] 4.19.305-rc1 review Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 01/25] nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 02/25] i40e: Fix filter input checks to prevent config with invalid values Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 03/25] net: sched: em_text: fix possible memory leak in em_text_destroy() Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 04/25] ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 05/25] net: bcmgenet: Fix FCS generation for fragmented skbuffs Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 06/25] net: Save and restore msg_namelen in sock_sendmsg Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 07/25] i40e: fix use-after-free in i40e_aqc_add_filters() Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 08/25] i40e: Restore VF MSI-X state during PCI reset Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 09/25] net/qla3xxx: switch from pci_ to dma_ API Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 10/25] net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 11/25] asix: Add check for usbnet_get_endpoints Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 12/25] bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 13/25] mm/memory-failure: check the mapcount of the precise page Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 14/25] firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 15/25] mm: fix unmap_mapping_range high bits shift bug Greg Kroah-Hartman
2024-01-13 9:49 ` [PATCH 4.19 16/25] mmc: rpmb: fixes pause retune on all RPMB partitions Greg Kroah-Hartman
2024-01-13 9:49 ` Greg Kroah-Hartman [this message]
2024-01-13 9:49 ` [PATCH 4.19 18/25] fuse: nlookup missing decrement in fuse_direntplus_link Greg Kroah-Hartman
2024-01-13 9:50 ` [PATCH 4.19 19/25] netfilter: nf_tables: Reject tables of unsupported family Greg Kroah-Hartman
2024-01-13 9:50 ` [PATCH 4.19 20/25] PCI: Extract ATS disabling to a helper function Greg Kroah-Hartman
2024-01-13 9:50 ` [PATCH 4.19 21/25] PCI: Disable ATS for specific Intel IPU E2000 devices Greg Kroah-Hartman
2024-01-13 9:50 ` [PATCH 4.19 22/25] net: add a route cache full diagnostic message Greg Kroah-Hartman
2024-01-13 9:50 ` [PATCH 4.19 23/25] net/dst: use a smaller percpu_counter batch for dst entries accounting Greg Kroah-Hartman
2024-01-13 9:50 ` [PATCH 4.19 24/25] ipv6: make ip6_rt_gc_expire an atomic_t Greg Kroah-Hartman
2024-01-13 9:50 ` [PATCH 4.19 25/25] ipv6: remove max_size check inline with ipv4 Greg Kroah-Hartman
2024-01-14 10:32 ` [PATCH 4.19 00/25] 4.19.305-rc1 review Pavel Machek
2024-01-15 8:57 ` Naresh Kamboju
2024-01-15 10:23 ` Jon Hunter
2024-01-15 16:24 ` Harshit Mogalapalli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240113094205.582947827@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=geert+renesas@glider.be \
--cc=patches@lists.linux.dev \
--cc=prabhakar.mahadev-lad.rj@bp.renesas.com \
--cc=stable@vger.kernel.org \
--cc=ulf.hansson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox