linux/drivers/mmc/core
Frank Li f06391c45e mmc: cqhci: Fix random crash when remove mmc module/card
[ 6684.493350] Unable to handle kernel paging request at virtual address ffff800011c5b0f0
[ 6684.498531] mmc0: card 0001 removed
[ 6684.501556] Mem abort info:
[ 6684.509681]   ESR = 0x96000047
[ 6684.512786]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 6684.518394]   SET = 0, FnV = 0
[ 6684.521707]   EA = 0, S1PTW = 0
[ 6684.524998] Data abort info:
[ 6684.528236]   ISV = 0, ISS = 0x00000047
[ 6684.532986]   CM = 0, WnR = 1
[ 6684.536129] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000081b22000
[ 6684.543923] [ffff800011c5b0f0] pgd=00000000bffff003, p4d=00000000bffff003, pud=00000000bfffe003, pmd=00000000900e1003, pte=0000000000000000
[ 6684.557915] Internal error: Oops: 96000047 [#1] PREEMPT SMP
[ 6684.564240] Modules linked in: sdhci_esdhc_imx(-) sdhci_pltfm sdhci cqhci mmc_block mmc_core fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine rng_core authenc libdes crct10dif_ce flexcan can_dev caam error [last unloaded: mmc_core]
[ 6684.587281] CPU: 0 PID: 79138 Comm: kworker/0:3H Not tainted 5.10.9-01410-g3ba33182767b-dirty #10
[ 6684.596160] Hardware name: Freescale i.MX8DXL EVK (DT)
[ 6684.601320] Workqueue: kblockd blk_mq_run_work_fn

[ 6684.606094] pstate: 40000005 (nZcv daif -PAN -UAO -TCO BTYPE=--)
[ 6684.612286] pc : cqhci_request+0x148/0x4e8 [cqhci]
^GMessage from syslogd@  at Thu Jan  1 01:51:24 1970 ...[ 6684.617085] lr : cqhci_request+0x314/0x4e8 [cqhci]
[ 6684.626734] sp : ffff80001243b9f0
[ 6684.630049] x29: ffff80001243b9f0 x28: ffff00002c3dd000
[ 6684.635367] x27: 0000000000000001 x26: 0000000000000001
[ 6684.640690] x25: ffff00002c451000 x24: 000000000000000f
[ 6684.646007] x23: ffff000017e71c80 x22: ffff00002c451000
[ 6684.651326] x21: ffff00002c0f3550 x20: ffff00002c0f3550
[ 6684.656651] x19: ffff000017d46880 x18: ffff00002cea1500
[ 6684.661977] x17: 0000000000000000 x16: 0000000000000000
[ 6684.667294] x15: 000001ee628e3ed1 x14: 0000000000000278
[ 6684.672610] x13: 0000000000000001 x12: 0000000000000001
[ 6684.677927] x11: 0000000000000000 x10: 0000000000000000
[ 6684.683243] x9 : 000000000000002b x8 : 0000000000001000
[ 6684.688560] x7 : 0000000000000010 x6 : ffff00002c0f3678
[ 6684.693886] x5 : 000000000000000f x4 : ffff800011c5b000
[ 6684.699211] x3 : 000000000002d988 x2 : 0000000000000008
[ 6684.704537] x1 : 00000000000000f0 x0 : 0002d9880008102f
[ 6684.709854] Call trace:
[ 6684.712313]  cqhci_request+0x148/0x4e8 [cqhci]
[ 6684.716803]  mmc_cqe_start_req+0x58/0x68 [mmc_core]
[ 6684.721698]  mmc_blk_mq_issue_rq+0x460/0x810 [mmc_block]
[ 6684.727018]  mmc_mq_queue_rq+0x118/0x2b0 [mmc_block]

The problem occurs when cqhci_request() get called after cqhci_disable() as
it leads to access of allocated memory that has already been freed. Let's
fix the problem by calling cqhci_disable() a bit later in the remove path.

Signed-off-by: Frank Li <Frank.Li@nxp.com>
Diagnosed-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20210303174248.542175-1-Frank.Li@nxp.com
Fixes: f690f4409d ("mmc: mmc: Enable CQE's")
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
2021-03-09 10:00:52 +01:00
..
Kconfig mmc: core: Add basic support for inline encryption 2021-02-01 12:02:33 +01:00
Makefile mmc: core: Add basic support for inline encryption 2021-02-01 12:02:33 +01:00
block.c MMC core: 2021-02-22 09:05:28 -08:00
block.h mmc: block: Remove code no longer needed after the switch to blk-mq 2017-12-11 13:02:22 +01:00
bus.c mmc: cqhci: Fix random crash when remove mmc module/card 2021-03-09 10:00:52 +01:00
bus.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
card.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
core.c mmc: core: Add basic support for inline encryption 2021-02-01 12:02:33 +01:00
core.h mmc: core: Re-work HW reset for SDIO cards 2019-11-14 16:28:56 +01:00
crypto.c mmc: core: Add basic support for inline encryption 2021-02-01 12:02:33 +01:00
crypto.h mmc: core: Add basic support for inline encryption 2021-02-01 12:02:33 +01:00
debugfs.c mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE 2020-05-28 11:21:01 +02:00
host.c mmc: core: Add basic support for inline encryption 2021-02-01 12:02:33 +01:00
host.h mmc: core: Initial support for SD express card/host 2020-11-16 11:59:28 +01:00
mmc.c mmc: core: Fix partition switch time for eMMC 2021-03-09 10:00:52 +01:00
mmc_ops.c mmc: core: Use host instead of card argument to mmc_spi_send_csd() 2021-02-08 11:00:33 +01:00
mmc_ops.h mmc: core: Re-work the code for eMMC sanitize 2020-03-26 14:45:31 +01:00
mmc_test.c mmc: mmc_test: use erase_arg for mmc_erase command 2021-02-12 12:07:03 +01:00
pwrseq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
pwrseq.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
pwrseq_emmc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
pwrseq_sd8787.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
pwrseq_simple.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
queue.c mmc: queue: Remove unused define 2021-02-08 12:56:52 +01:00
queue.h mmc: queue: Remove unused define 2021-02-08 12:56:52 +01:00
quirks.h mmc: core: Mark fixups as __maybe_unused 2020-07-13 12:18:25 +02:00
regulator.c mmc: core: Add missing documetation for 'mmc' and 'ios' 2020-07-13 12:18:25 +02:00
sd.c mmc: core: remove unused host parameter of mmc_sd_get_csd() 2021-02-01 11:54:48 +01:00
sd.h mmc: core: remove unused host parameter of mmc_sd_get_csd() 2021-02-01 11:54:48 +01:00
sd_ops.c mmc: core: Initial support for SD express card/host 2020-11-16 11:59:28 +01:00
sd_ops.h mmc: core: Initial support for SD express card/host 2020-11-16 11:59:28 +01:00
sdio.c mmc: core: remove unused host parameter of mmc_sd_get_csd() 2021-02-01 11:54:48 +01:00
sdio_bus.c mmc: sdio: Export SDIO revision and info strings to userspace 2020-09-07 09:11:29 +02:00
sdio_bus.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sdio_cis.c mmc: core: Limit retries when analyse of SDIO tuples fails 2021-02-01 11:13:06 +01:00
sdio_cis.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sdio_io.c mmc: core: Provide description for sdio_set_host_pm_flags()'s 'flag' arg 2020-07-13 12:18:25 +02:00
sdio_irq.c sched,mmc: Convert to sched_set_fifo*() 2020-06-15 14:10:22 +02:00
sdio_ops.c mmc: sdio: Use mmc_pre_req() / mmc_post_req() 2020-09-07 08:57:44 +02:00
sdio_ops.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sdio_uart.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
slot-gpio.c mmc: core: Remove mmc_gpiod_request_*(invert_gpio) 2019-12-18 13:37:07 +01:00
slot-gpio.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00