[PATCH] MMC: Fix race condition in resume/card detect code

From: Yauhen Kharuzhy
Date: Mon Oct 20 2008 - 15:42:14 EST

Next message: Christoph Lameter: "Re: SLUB defrag pull request?"
Previous message: crispin: "Re: [TOMOYO #11 (linux-next) 01/11] Introduce new LSM hooks wherevfsmount is available."
In reply to: Yauhen Kharuzhy: "Re: [PATCH] MMC: Fix race condition in resume/card detect code"
Next in thread: J.A. MagallÃn: "Re: [PATCH] MMC: Fix race condition in resume/card detect code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When device wakes up by card change interrupt and MMC_UNSAFE_RESUME is
enabled then race condition between mmc_rescan() and
mmc_resume()/mmc_sd_resume() appeared.

Resume functions can sleep into mmc_remove_card() and at this time
mmc_rescan() can be called by delayed work handler. Double-free of
kobject or double-remove of host->card can be result of this.

This patch adds an host->suspended flag which indicated that host is in
suspend state. mmc_rescan() checks it and returned when
host->suspended == 1. It's safe because resume code calls
mmc_detect_change() at end of resume process.

Signed-off-by: Yauhen Kharuzhy <jekhor@xxxxxxxxx>
---
drivers/mmc/core/core.c | 7 +++++++
include/linux/mmc/host.h | 3 +++
2 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
index 044d84e..427f283 100644
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -657,6 +657,9 @@ void mmc_rescan(struct work_struct *work)
u32 ocr;
int err;

+ if (host->suspended)
+ return;
+
mmc_bus_get(host);

if (host->bus_ops == NULL) {
@@ -780,6 +783,8 @@ int mmc_suspend_host(struct mmc_host *host, pm_message_t state)

mmc_power_off(host);

+ host->suspended = 1;
+
return 0;
}

@@ -805,6 +810,8 @@ int mmc_resume_host(struct mmc_host *host)
*/
mmc_detect_change(host, 1);

+ host->suspended = 0;
+
return 0;
}

diff --git a/include/linux/mmc/host.h b/include/linux/mmc/host.h
index 9c288c9..a584239 100644
--- a/include/linux/mmc/host.h
+++ b/include/linux/mmc/host.h
@@ -139,6 +139,9 @@ struct mmc_host {
#ifdef CONFIG_MMC_DEBUG
unsigned int removed:1; /* host is being removed */
#endif
+#ifdef CONFIG_MMC_UNSAFE_RESUME
+ unsigned int suspended:1;
+#endif

struct mmc_card *card; /* device attached to this host */

--
1.5.6.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Lameter: "Re: SLUB defrag pull request?"
Previous message: crispin: "Re: [TOMOYO #11 (linux-next) 01/11] Introduce new LSM hooks wherevfsmount is available."
In reply to: Yauhen Kharuzhy: "Re: [PATCH] MMC: Fix race condition in resume/card detect code"
Next in thread: J.A. MagallÃn: "Re: [PATCH] MMC: Fix race condition in resume/card detect code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]