korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-25 07:14:36 +08:00
Code Issues Packages Projects Releases Wiki Activity
71f8a4b81d
linux/drivers
History
Jialing Fu 71f8a4b81d mmc: core: fix race condition in mmc_wait_data_done 
The following panic is captured in ker3.14, but the issue still exists
in latest kernel.
---------------------------------------------------------------------
[   20.738217] c0 3136 (Compiler) Unable to handle kernel NULL pointer dereference
at virtual address 00000578
......
[   20.738499] c0 3136 (Compiler) PC is at _raw_spin_lock_irqsave+0x24/0x60
[   20.738527] c0 3136 (Compiler) LR is at _raw_spin_lock_irqsave+0x20/0x60
[   20.740134] c0 3136 (Compiler) Call trace:
[   20.740165] c0 3136 (Compiler) [<ffffffc0008ee900>] _raw_spin_lock_irqsave+0x24/0x60
[   20.740200] c0 3136 (Compiler) [<ffffffc0000dd024>] __wake_up+0x1c/0x54
[   20.740230] c0 3136 (Compiler) [<ffffffc000639414>] mmc_wait_data_done+0x28/0x34
[   20.740262] c0 3136 (Compiler) [<ffffffc0006391a0>] mmc_request_done+0xa4/0x220
[   20.740314] c0 3136 (Compiler) [<ffffffc000656894>] sdhci_tasklet_finish+0xac/0x264
[   20.740352] c0 3136 (Compiler) [<ffffffc0000a2b58>] tasklet_action+0xa0/0x158
[   20.740382] c0 3136 (Compiler) [<ffffffc0000a2078>] __do_softirq+0x10c/0x2e4
[   20.740411] c0 3136 (Compiler) [<ffffffc0000a24bc>] irq_exit+0x8c/0xc0
[   20.740439] c0 3136 (Compiler) [<ffffffc00008489c>] handle_IRQ+0x48/0xac
[   20.740469] c0 3136 (Compiler) [<ffffffc000081428>] gic_handle_irq+0x38/0x7c
----------------------------------------------------------------------
Because in SMP, "mrq" has race condition between below two paths:
path1: CPU0: <tasklet context>
  static void mmc_wait_data_done(struct mmc_request *mrq)
  {
     mrq->host->context_info.is_done_rcv = true;
     //
     // If CPU0 has just finished "is_done_rcv = true" in path1, and at
     // this moment, IRQ or ICache line missing happens in CPU0.
     // What happens in CPU1 (path2)?
     //
     // If the mmcqd thread in CPU1(path2) hasn't entered to sleep mode:
     // path2 would have chance to break from wait_event_interruptible
     // in mmc_wait_for_data_req_done and continue to run for next
     // mmc_request (mmc_blk_rw_rq_prep).
     //
     // Within mmc_blk_rq_prep, mrq is cleared to 0.
     // If below line still gets host from "mrq" as the result of
     // compiler, the panic happens as we traced.
     wake_up_interruptible(&mrq->host->context_info.wait);
  }

path2: CPU1: <The mmcqd thread runs mmc_queue_thread>
  static int mmc_wait_for_data_req_done(...
  {
     ...
     while (1) {
           wait_event_interruptible(context_info->wait,
                   (context_info->is_done_rcv ||
                    context_info->is_new_req));
     	   static void mmc_blk_rw_rq_prep(...
           {
           ...
           memset(brq, 0, sizeof(struct mmc_blk_request));

This issue happens very coincidentally; however adding mdelay(1) in
mmc_wait_data_done as below could duplicate it easily.

   static void mmc_wait_data_done(struct mmc_request *mrq)
   {
     mrq->host->context_info.is_done_rcv = true;
+    mdelay(1);
     wake_up_interruptible(&mrq->host->context_info.wait);
    }

At runtime, IRQ or ICache line missing may just happen at the same place
of the mdelay(1).

This patch gets the mmc_context_info at the beginning of function, it can
avoid this race condition.

Signed-off-by: Jialing Fu <jlfu@marvell.com>
Tested-by: Shawn Lin <shawn.lin@rock-chips.com>
Fixes: 2220eedfd7 ("mmc: fix async request mechanism ....")
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
2015-08-31 09:20:16 +02:00
..
accessibility
acpi ACPI / PM: Use target_state to set the device power state 2015-07-28 16:29:08 +02:00
amba
android
ata Merge branch 'for-4.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2015-07-24 16:54:59 -07:00
atm
auxdisplay
base regmap: Fix handling of present bits on rbtree cache block resize 2015-08-12 09:06:39 -07:00
bcma
block zram: fix pool name truncation 2015-08-14 15:56:32 -07:00
bluetooth Bluetooth: btbcm: allow btbcm_read_verbose_config to fail on Apple 2015-07-14 22:54:55 +02:00
bus ARM: SoC: driver updates for v4.2 2015-06-26 11:54:29 -07:00
cdrom
char Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-08-03 10:53:58 -07:00
clk A one-liner for a regression found in the PXA clock driver. 2015-08-14 16:10:04 -07:00
clocksource clockevents/drivers/sh_cmt: Only perform clocksource suspend/resume if enabled 2015-08-08 10:50:08 +02:00
connector
cpufreq CPUFREQ: Loongson2: Fix broken build due to incorrect include. 2015-08-03 09:24:59 +02:00
cpuidle suspend-to-idle: Prevent RCU from complaining about tick_freeze() 2015-07-09 22:59:49 +02:00
crypto crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer 2015-07-23 18:09:18 +08:00
dca
devfreq
dio
dma dmaengine fixes for 4.2-rc5 2015-08-01 12:47:04 -07:00
dma-buf
edac EDAC, ppc4xx: Access mci->csrows array elements properly 2015-08-13 06:02:19 +02:00
eisa
extcon extcon: Fix extcon_cable_get_state() from getting old state after notification 2015-07-31 15:18:41 +09:00
firewire
firmware efi: Check for NULL efi kernel parameters 2015-07-30 18:07:11 +01:00
fmc
gpio Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-18 10:27:12 -07:00
gpu Revert "drm/nouveau/fifo/gk104: kick channels when deactivating them" 2015-08-14 09:50:37 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2015-08-10 15:16:48 -07:00
hsi Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
hv
hwmon hwmon: (g762) Export OF module alias information 2015-08-05 08:31:59 -07:00
hwspinlock hwspinlock: qcom: Correct msb in regmap_field 2015-07-01 16:15:05 +03:00
hwtracing/coresight
i2c i2c: fix leaked device refcount on of_find_i2c_* error path 2015-08-01 12:11:58 +02:00
ide Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
idle
iio iio:light:stk3310: make endianness independent of host 2015-07-19 14:54:45 +01:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-29 09:54:40 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-08-09 09:38:42 +02:00
iommu iommu/amd: Allow non-ATS devices in IOMMUv2 domains 2015-07-31 15:15:41 +02:00
ipack
irqchip MIPS: SMP: Don't increment irq_count multiple times for call function IPIs 2015-08-03 09:25:12 +02:00
isdn isdn/gigaset: drop unused ldisc methods 2015-07-15 17:24:45 -07:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2015-07-01 19:09:11 -07:00
lguest Merge branch 'x86-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-06-22 17:59:09 -07:00
macintosh macintosh/ans-lcd: fix build failure after module_init/exit relocation 2015-07-23 20:00:35 +10:00
mailbox Replace module_init with appropriate alternate initcall in non modules. 2015-07-02 10:36:29 -07:00
mcb
md dm cache policy smq: move 'dm-cache-default' module alias to SMQ 2015-08-12 11:27:29 -04:00
media x86/mm/pat, drivers/media/ivtv: Move the PAT warning and replace WARN() with pr_warn() 2015-07-21 09:42:54 +02:00
memory memory: omap-gpmc: Don't try to save uninitialized GPMC context 2015-08-12 01:43:49 -07:00
memstick memstick: remove deprecated use of pci api 2015-06-30 19:44:57 -07:00
message
mfd - Fix dependency issues on ChromeOS platforms 2015-08-10 10:48:11 -07:00
misc Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2015-08-03 14:51:30 -07:00
mmc mmc: core: fix race condition in mmc_wait_data_done 2015-08-31 09:20:16 +02:00
mtd Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-08-13 10:46:39 -07:00
nfc Char/Misc driver patches for 4.2-rc1 2015-06-26 14:51:15 -07:00
ntb ntb: avoid format string in dev_set_name 2015-08-09 16:32:22 -04:00
nubus
nvdimm libnvdimm: fix namespace seed creation 2015-07-25 09:57:56 -07:00
of of: Drop owner assignment from platform and i2c driver 2015-07-27 08:24:39 -05:00
oprofile
parisc
parport parport: Revert "parport: fix memory leak" 2015-07-25 12:48:05 -07:00
pci Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
pcmcia Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
phy phy: ti-pipe3: i783 workaround for SATA lockup after dpll unlock/relock 2015-08-01 15:52:58 +05:30
pinctrl Pin control fixes for the v4.2 series: 2015-07-21 15:27:27 -07:00
platform - Fix dependency issues on ChromeOS platforms 2015-08-10 10:48:11 -07:00
pnp ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage 2015-07-06 23:52:21 +02:00
power Replace module_platform_driver with builtin_platform driver in non modules. 2015-07-02 10:42:13 -07:00
powercap
pps
ps3
ptp
pwm pwm: Changes for v4.2-rc1 2015-06-23 13:32:38 -07:00
rapidio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-06-23 14:08:54 -07:00
ras
regulator Merge remote-tracking branches 'regulator/fix/88pm800', 'regulator/fix/max8973', 'regulator/fix/s2mps11' and 'regulator/fix/supply' into regulator-linus 2015-07-24 16:19:25 +01:00
remoteproc remoteproc: fix !CONFIG_OF build breakage 2015-06-18 11:44:41 +03:00
reset
rpmsg
rtc rtc: armada38x: Remove unused variable from armada38x_rtc_set_time() 2015-07-18 00:42:31 +02:00
s390 virtio/vhost: fixes for 4.2 2015-07-23 13:07:04 -07:00
sbus
scsi SCSI fixes on 20150814 2015-08-15 13:54:53 -07:00
sfi
sh Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
sn
soc ARM: SoC: late fixes and dependencies 2015-07-02 14:40:49 -07:00
spi Merge remote-tracking branches 'spi/fix/gqspi', 'spi/fix/imx', 'spi/fix/mg-spfi' and 'spi/fix/spidev' into spi-linus 2015-07-24 16:19:50 +01:00
spmi
ssb
staging staging: lustre: Include unaligned.h instead of access_ok.h 2015-08-04 22:13:25 -07:00
target iscsi-target: Fix iser explicit logout TX kthread leak 2015-07-24 14:19:44 -07:00
tc
thermal Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal into for-rc 2015-08-03 23:11:25 +08:00
thunderbolt
tty tty: vt: Fix !TASK_RUNNING diagnostic warning from paste_selection() 2015-07-23 18:08:29 -07:00
uio
usb drivers/usb: Delete XHCI command timer if necessary 2015-08-03 14:41:48 -07:00
uwb
vfio vfio: Fix lockdep issue 2015-07-24 15:14:04 -06:00
vhost vhost: fix error handling for memory region alloc 2015-07-27 18:05:05 +03:00
video fbcon: unconditionally initialize cursor blink interval 2015-08-10 17:20:32 +03:00
virt
virtio virtio-input: reset device and detach unused during remove 2015-08-06 10:40:35 +03:00
vlynq
vme
w1
watchdog Update Viresh Kumar's email address 2015-07-17 16:39:53 -07:00
xen xen: bug fixes for 4.2-rc6 2015-08-13 13:36:22 -07:00
zorro
Kconfig libnvdimm, nfit: initial libnvdimm infrastructure and NFIT support 2015-06-24 21:24:10 -04:00
Makefile The libnvdimm sub-system introduces, in addition to the libnvdimm-core, 2015-06-29 10:34:42 -07:00