From patchwork Wed Aug 21 12:42:37 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Seungwon Jeon <tgih.jun@samsung.com>
X-Patchwork-Id: 2847706
Return-Path: <linux-mmc-owner@kernel.org>
X-Original-To: patchwork-linux-mmc@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 284839F271
	for <patchwork-linux-mmc@patchwork.kernel.org>;
	Wed, 21 Aug 2013 12:42:44 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id BF76A20504
	for <patchwork-linux-mmc@patchwork.kernel.org>;
	Wed, 21 Aug 2013 12:42:42 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 2FC6C204FE
	for <patchwork-linux-mmc@patchwork.kernel.org>;
	Wed, 21 Aug 2013 12:42:41 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751779Ab3HUMmk (ORCPT
	<rfc822;patchwork-linux-mmc@patchwork.kernel.org>);
	Wed, 21 Aug 2013 08:42:40 -0400
Received: from mailout3.samsung.com ([203.254.224.33]:38044 "EHLO
	mailout3.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751688Ab3HUMmj convert rfc822-to-8bit (ORCPT
	<rfc822; linux-mmc@vger.kernel.org>); Wed, 21 Aug 2013 08:42:39 -0400
Received: from epcpsbgr5.samsung.com
	(u145.gpu120.samsung.co.kr [203.254.230.145])
	by mailout3.samsung.com (Oracle Communications Messaging Server
	7u4-24.01 (7.0.4.24.0) 64bit (built Nov 17 2011))
	with ESMTP id <0MRV00D1ZSMY6MA0@mailout3.samsung.com> for
	linux-mmc@vger.kernel.org; Wed, 21 Aug 2013 21:42:37 +0900 (KST)
Received: from epcpsbgm1.samsung.com ( [203.254.230.49])
	by epcpsbgr5.samsung.com (EPCPMTA) with SMTP id 83.AE.11618.DB5B4125;
	Wed, 21 Aug 2013 21:42:37 +0900 (KST)
X-AuditID: cbfee691-b7fef6d000002d62-11-5214b5bd36ee
Received: from epmmp1.local.host ( [203.254.227.16])
	by epcpsbgm1.samsung.com (EPCPMTA) with SMTP id D6.E0.32250.DB5B4125;
	Wed, 21 Aug 2013 21:42:37 +0900 (KST)
Received: from DOTGIHJUN01 ([12.23.118.161])
	by mmp1.samsung.com (Oracle Communications Messaging Server 7u4-24.01
	(7.0.4.24.0) 64bit (built Nov 17 2011))
	with ESMTPA id <0MRV00B78SN1ZD90@mmp1.samsung.com>; Wed,
	21 Aug 2013 21:42:37 +0900 (KST)
From: Seungwon Jeon <tgih.jun@samsung.com>
To: linux-mmc@vger.kernel.org
Cc: 'Chris Ball' <cjb@laptop.org>, 'Alban Browaeys' <prahal@yahoo.com>,
	'Jaehoon Chung' <jh80.chung@samsung.com>
References: 
In-reply-to: 
Subject: [PATCH 3/3] mmc: card: fix the remove of blk on suspend
Date: Wed, 21 Aug 2013 21:42:37 +0900
Message-id: <002401ce9e6b$ea967020$bfc35060$%jun@samsung.com>
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8BIT
X-Mailer: Microsoft Office Outlook 12.0
Thread-index: 
 Ac03z3aCvVFr8FaITt2vKVQKst76fw3Ogf7QC4iI1hAADVzV0BBOVxiAARu2RyAu12YtIA==
Content-language: ko
X-Brightmail-Tracker: 
 H4sIAAAAAAAAA+NgFjrFIsWRmVeSWpSXmKPExsVy+t8zQ929W0WCDDoXmllsf72RzeLGrzZW
	iyP/+xkt3uzfy+zA4nHoylpGj74tqxg9Pm+S85g16zBTAEsUl01Kak5mWWqRvl0CV8aVNuGC
	nUYVb+8fZ25gnKHdxcjJISFgItHd/Y4JwhaTuHBvPVsXIxeHkMAyRonbvz+wwRRtm/wSKrGI
	UWL6wU2MEM4fRomm6xvYQarYBLQk/r55wwxiiwjISvz8cwGsm1mgSOLb1GagBg6gBm6J1c1B
	IGFOAR6JdX86wcqFBRwkJp9aBmazCKhKXDqxhxHE5hWwlWg9eYsJwhaU+DH5HgvIGGYBdYkp
	U3IhpmtLPHl3gRUkLAEUfvRXF+KACIkl/9ayQpSISOx78Q7sYgmBY+wSvT9nMkGsEpD4NvkQ
	C0SvrMSmA8wQ70pKHFxxg2UCo8QsJItnISyehWTxLCQbFjCyrGIUTS1ILihOSi8y1StOzC0u
	zUvXS87P3cQIiceJOxjvH7A+xJgMtH0is5Rocj4wnvNK4g2NzYwsTE1MjY3MLc1IE1YS51Vv
	sQ4UEkhPLEnNTk0tSC2KLyrNSS0+xMjEwSnVwNi8Ueu1yJUbwh56XZ+vyuldsavIWvbh3DbF
	vw5uFmVKcRuPN/Yu+jY7+0B90PvDOz4/5lq7R8Xx6I+3UauTqzVUjlo99eDs4de8eGMeq8Gm
	7YHL+uZzLP5iqn741s/OvBnVFdOZH0vPCxBW3juxYfpZsR8nN2y2rt6+7OWPaPW1207VTnF5
	HPFaiaU4I9FQi7moOBEAGBYBU90CAAA=
X-Brightmail-Tracker: 
 H4sIAAAAAAAAA+NgFlrOKsWRmVeSWpSXmKPExsVy+t9jAd29W0WCDPa/NrDY/nojm8WNX22s
	Fkf+9zNavNm/l9mBxePQlbWMHn1bVjF6fN4k5zFr1mGmAJaoBkabjNTElNQihdS85PyUzLx0
	WyXv4HjneFMzA0NdQ0sLcyWFvMTcVFslF58AXbfMHKCdSgpliTmlQKGAxOJiJX07TBNCQ9x0
	LWAaI3R9Q4LgeowM0EDCOsaMK23CBTuNKt7eP87cwDhDu4uRk0NCwERi2+SXbBC2mMSFe+uB
	bC4OIYFFjBLTD25ihHD+MEo0Xd/ADlLFJqAl8ffNG2YQW0RAVuLnnwtg3cwCRRLfpjYDNXAA
	NXBLrG4OAglzCvBIrPvTCVYuLOAgMfnUMjCbRUBV4tKJPYwgNq+ArUTryVtMELagxI/J91hA
	xjALqEtMmZILMV1b4sm7C6wgYQmg8KO/uhAHREgs+beWFaJERGLfi3eMExiFZiEZNAth0Cwk
	g2Yh6VjAyLKKUTS1ILmgOCk911CvODG3uDQvXS85P3cTIzjan0ntYFzZYHGIUYCDUYmH94Ky
	SJAQa2JZcWXuIUYJDmYlEd5F1UAh3pTEyqrUovz4otKc1OJDjMlAb05klhJNzgcmorySeENj
	EzMjSyMzCyMTc3PShJXEeQ+0WgcKCaQnlqRmp6YWpBbBbGHi4JRqAJILjQ4ZLTDmOaz59MbK
	1W3LVtlq6DwOv1jz40ZB6LWr3xMuX23k5Yiu6fC8vsdasXS62gsp3397hCfvDOLxOn/40qpn
	jQJBs+ySvLzt5kbnWZYu+2H/9PyW8FmHrr6xdPU0TQlVMj1z81fln87FB+50xn05knAr7far
	Bft7dzzQP7FwR2mBlhJLcUaioRZzUXEiAByPD2M6AwAA
DLP-Filter: Pass
X-MTR: 20000000000000000@CPGS
X-CFilter-Loop: Reflected
Sender: linux-mmc-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-mmc.vger.kernel.org>
X-Mailing-List: linux-mmc@vger.kernel.org
X-Spam-Status: No, score=-9.7 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From 029a839ddf6f13a1e1a8bf4d4bc32b67712593ec Mon Sep 17 00:00:00 2001
From: Seungwon Jeon <tgih.jun@samsung.com>
Date: Wed, 21 Aug 2013 17:30:02 +0900
Subject: [PATCH 3/3] mmc: fix the remove of blk on suspend

As mmc_cleanup_queue() is moved, NULL pointer access to card of
mmc_queue is happened since commit fdfa20c1(mmc: reordered shutdown
sequence mmc_bld_remove_req).

Here, mmc_cleanup_queue is split into two parts.
One is to quit the mmc_queue and two is to clean up the resource
of mmc_queue.

The following is log message related to the problem.

Unable to handle kernel NULL pointer dereference at virtual address 000002a8
pgd = ecd9c000
[000002a8] *pgd=6d082831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] SMP ARM
Modules linked in: bnep rfcomm smsc95xx usbnet mii bluetooth nfsd lockd nfs_acl exportfs auth_rpcgss sunrpc oid_registry vfat fat btrfs raid6_pq xor zlib_deflate
CPU: 3 PID: 2384 Comm: bash Not tainted 3.11.0-rc4-00869-ga7143f1-dirty #60
task: c46d9b00 ti: ecefc000 task.ti: ecefc000
PC is at mmc_blk_remove_req+0x58/0x88
LR is at _raw_spin_unlock_irqrestore+0xc/0x14
pc : [<c034e7d8>]    lr : [<c0494ac8>]    psr: 200f0053
sp : ecefddf8  ip : 00000000  fp : 000dc1e8
r10: c058ead8  r9 : ecce3f18  r8 : 00100100
r7 : 00200200  r6 : c26b7118  r5 : 00000000  r4 : c26b1dc0
r3 : 00000002  r2 : 00000000  r1 : 200f0053  r0 : 00000000
Flags: nzCv  IRQs on  FIQs off  Mode SVC_32  ISA ARM  Segment user
Control: 10c5387d  Table: 6cd9c04a  DAC: 00000015
Process bash (pid: 2384, stack limit = 0xecefc240)
Stack: (0xecefddf8 to 0xecefe000)
<...>
[<c034e7d8>] (mmc_blk_remove_req+0x58/0x88) from [<c03512d0>]
(mmc_blk_remove_parts.isra.5+0x90/0xa8)
[<c03512d0>] (mmc_blk_remove_parts.isra.5+0x90/0xa8) from
[<c0351308>] (mmc_blk_remove+0x20/0x128)
[<c0351308>] (mmc_blk_remove+0x20/0x128) from [<c034409c>] (mmc_bus_remove+0x18/0x20)
[<c034409c>] (mmc_bus_remove+0x18/0x20) from [<c0265a20>] (__device_release_driver+0x7c/0xc8)
[<c0265a20>] (__device_release_driver+0x7c/0xc8) from [<c0265a88>] (device_release_driver+0x1c/0x28)
[<c0265a88>] (device_release_driver+0x1c/0x28) from [<c0265410>] (bus_remove_device+0x100/0x11c)
[<c0265410>] (bus_remove_device+0x100/0x11c) from [<c0262c04>] (device_del+0x110/0x174)
[<c0262c04>] (device_del+0x110/0x174) from [<c034463c>] (mmc_remove_card+0x64/0x78)
[<c034463c>] (mmc_remove_card+0x64/0x78) from [<c0345124>] (mmc_remove+0x24/0x30)
[<c0345124>] (mmc_remove+0x24/0x30) from [<c0343fb0>] (mmc_pm_notify+0x94/0xf8)
[<c0343fb0>] (mmc_pm_notify+0x94/0xf8) from [<c00413b4>] (notifier_call_chain+0x44/0x84)
[<c00413b4>] (notifier_call_chain+0x44/0x84) from [<c00417b4>] (__blocking_notifier_call_chain+0x48/0x60)
[<c00417b4>] (__blocking_notifier_call_chain+0x48/0x60) from [<c00417e4>] (blocking_notifier_call_chain+0x18/0x20)
[<c00417e4>] (blocking_notifier_call_chain+0x18/0x20) from [<c0059d48>] (pm_notifier_call_chain+0x14/0x2c)
[<c0059d48>] (pm_notifier_call_chain+0x14/0x2c) from [<c005aa9c>] (pm_suspend+0xac/0x24c)
[<c005aa9c>] (pm_suspend+0xac/0x24c) from [<c0059a68>] (state_store+0xb0/0xc4)
[<c0059a68>] (state_store+0xb0/0xc4) from [<c01d610c>] (kobj_attr_store+0x14/0x20)
[<c01d610c>] (kobj_attr_store+0x14/0x20) from [<c012b224>] (sysfs_write_file+0x118/0x164)
[<c012b224>] (sysfs_write_file+0x118/0x164) from [<c00d59d4>] (vfs_write+0xd8/0x178)
[<c00d59d4>] (vfs_write+0xd8/0x178) from [<c00d5d3c>] (SyS_write+0x40/0x68)
[<c00d5d3c>] (SyS_write+0x40/0x68) from [<c000ea20>] (ret_fast_syscall+0x0/0x30)
Code: ebfc509b e59432dc e3130002 0a000006 (e5d532a8)

Reported-by: Alban Browaeys <prahal@yahoo.com>
Signed-off-by: Seungwon Jeon <tgih.jun@samsung.com>
Acked-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Jaehoon Chung <jh80.chung@samsung.com>
---
 drivers/mmc/card/block.c |    9 ++++++---
 drivers/mmc/card/queue.c |   11 ++++++++---
 drivers/mmc/card/queue.h |    1 +
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index cd0b7f4..1e6726d 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -2191,9 +2191,7 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md)
 		 * is freeing the queue that stops new requests
 		 * from being accepted.
 		 */
-		mmc_cleanup_queue(&md->queue);
-		if (md->flags & MMC_BLK_PACKED_CMD)
-			mmc_packed_clean(&md->queue);
+		mmc_quit_queue(&md->queue);
 		card = md->queue.card;
 		if (md->disk->flags & GENHD_FL_UP) {
 			device_remove_file(disk_to_dev(md->disk), &md->force_ro);
@@ -2204,6 +2202,11 @@ static void mmc_blk_remove_req(struct mmc_blk_data *md)
 
 			del_gendisk(md->disk);
 		}
+
+		mmc_cleanup_queue(&md->queue);
+		if (md->flags & MMC_BLK_PACKED_CMD)
+			mmc_packed_clean(&md->queue);
+
 		mmc_blk_put(md);
 	}
 }
diff --git a/drivers/mmc/card/queue.c b/drivers/mmc/card/queue.c
index fa9632e..82e5550 100644
--- a/drivers/mmc/card/queue.c
+++ b/drivers/mmc/card/queue.c
@@ -318,12 +318,10 @@ int mmc_init_queue(struct mmc_queue *mq, struct mmc_card *card,
 	return ret;
 }
 
-void mmc_cleanup_queue(struct mmc_queue *mq)
+void mmc_quit_queue(struct mmc_queue *mq)
 {
 	struct request_queue *q = mq->queue;
 	unsigned long flags;
-	struct mmc_queue_req *mqrq_cur = mq->mqrq_cur;
-	struct mmc_queue_req *mqrq_prev = mq->mqrq_prev;
 
 	/* Make sure the queue isn't suspended, as that will deadlock */
 	mmc_queue_resume(mq);
@@ -336,6 +334,13 @@ void mmc_cleanup_queue(struct mmc_queue *mq)
 	q->queuedata = NULL;
 	blk_start_queue(q);
 	spin_unlock_irqrestore(q->queue_lock, flags);
+}
+EXPORT_SYMBOL(mmc_quit_queue);
+
+void mmc_cleanup_queue(struct mmc_queue *mq)
+{
+	struct mmc_queue_req *mqrq_cur = mq->mqrq_cur;
+	struct mmc_queue_req *mqrq_prev = mq->mqrq_prev;
 
 	kfree(mqrq_cur->bounce_sg);
 	mqrq_cur->bounce_sg = NULL;
diff --git a/drivers/mmc/card/queue.h b/drivers/mmc/card/queue.h
index 5752d50..a3d89a2 100644
--- a/drivers/mmc/card/queue.h
+++ b/drivers/mmc/card/queue.h
@@ -61,6 +61,7 @@ struct mmc_queue {
 
 extern int mmc_init_queue(struct mmc_queue *, struct mmc_card *, spinlock_t *,
 			  const char *);
+extern void mmc_quit_queue(struct mmc_queue *);
 extern void mmc_cleanup_queue(struct mmc_queue *);
 extern void mmc_queue_suspend(struct mmc_queue *);
 extern void mmc_queue_resume(struct mmc_queue *);