From 7d92df692994472cab6045bbd9d0e2c4afa4365f Mon Sep 17 00:00:00 2001 From: Anna Lemehova Date: Fri, 8 Jan 2010 14:42:58 -0800 Subject: mmc_block: add dev_t initialization check When a card is removed before mmc_blk_probe() has called add_disk(), then the minor field is uninitialized and has value 0. This caused mmc_blk_put() to always release devidx 0 even if 0 was still in use. Then the next mmc_blk_probe() used the first free idx of 0, which oopses in sysfs, since it is used by another card. Signed-off-by: Anna Lemehova Signed-off-by: Adrian Hunter Cc: Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/mmc/card/block.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'drivers/mmc/card/block.c') diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index 85f0e8cd875..5988573bb84 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -85,7 +85,12 @@ static void mmc_blk_put(struct mmc_blk_data *md) mutex_lock(&open_lock); md->usage--; if (md->usage == 0) { + int devmaj = MAJOR(disk_devt(md->disk)); int devidx = MINOR(disk_devt(md->disk)) >> MMC_SHIFT; + + if (!devmaj) + devidx = md->disk->first_minor >> MMC_SHIFT; + __clear_bit(devidx, dev_use); put_disk(md->disk); -- cgit v1.2.3-70-g09d2 From 0a74ff29b8dd8b748f8856352f9a9b5c6cc362cc Mon Sep 17 00:00:00 2001 From: Jarkko Lavinen Date: Fri, 8 Jan 2010 14:42:59 -0800 Subject: mmc_block: fix probe error cleanup bug If mmc_blk_set_blksize() fails mmc_blk_probe() the request queue and its thread have been set up and they need to be shut down properly before putting the disk. Signed-off-by: Jarkko Lavinen Signed-off-by: Adrian Hunter Cc: Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/mmc/card/block.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/mmc/card/block.c') diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index 5988573bb84..ee879117017 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -618,6 +618,7 @@ static int mmc_blk_probe(struct mmc_card *card) return 0; out: + mmc_cleanup_queue(&md->queue); mmc_blk_put(md); return err; -- cgit v1.2.3-70-g09d2 From 5fa83ce284a4b7cd9dcfadd01500b0ed4ab9b740 Mon Sep 17 00:00:00 2001 From: Adrian Hunter Date: Fri, 8 Jan 2010 14:43:00 -0800 Subject: mmc_block: fix queue cleanup The main bug was that 'blk_cleanup_queue()' was called while the block device could still be in use, for example, because the card was removed while files were still open. In addition, to be sure that 'mmc_request()' will get called for all new requests (so it can error them out), the queue is emptied during cleanup. This is done after the worker thread is stopped to avoid racing with it. Finally, it is not a device error for this to be happening, so quiet the (sometimes very many) error messages. Signed-off-by: Adrian Hunter Cc: Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/mmc/card/block.c | 2 ++ drivers/mmc/card/queue.c | 18 +++++++++--------- 2 files changed, 11 insertions(+), 9 deletions(-) (limited to 'drivers/mmc/card/block.c') diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index ee879117017..1f552c6e757 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -91,6 +91,8 @@ static void mmc_blk_put(struct mmc_blk_data *md) if (!devmaj) devidx = md->disk->first_minor >> MMC_SHIFT; + blk_cleanup_queue(md->queue.queue); + __clear_bit(devidx, dev_use); put_disk(md->disk); diff --git a/drivers/mmc/card/queue.c b/drivers/mmc/card/queue.c index 49e582356c6..c5a7a855f4b 100644 --- a/drivers/mmc/card/queue.c +++ b/drivers/mmc/card/queue.c @@ -90,9 +90,10 @@ static void mmc_request(struct request_queue *q) struct request *req; if (!mq) { - printk(KERN_ERR "MMC: killing requests for dead queue\n"); - while ((req = blk_fetch_request(q)) != NULL) + while ((req = blk_fetch_request(q)) != NULL) { + req->cmd_flags |= REQ_QUIET; __blk_end_request_all(req, -EIO); + } return; } @@ -223,17 +224,18 @@ void mmc_cleanup_queue(struct mmc_queue *mq) struct request_queue *q = mq->queue; unsigned long flags; - /* Mark that we should start throwing out stragglers */ - spin_lock_irqsave(q->queue_lock, flags); - q->queuedata = NULL; - spin_unlock_irqrestore(q->queue_lock, flags); - /* Make sure the queue isn't suspended, as that will deadlock */ mmc_queue_resume(mq); /* Then terminate our worker thread */ kthread_stop(mq->thread); + /* Empty the queue */ + spin_lock_irqsave(q->queue_lock, flags); + q->queuedata = NULL; + blk_start_queue(q); + spin_unlock_irqrestore(q->queue_lock, flags); + if (mq->bounce_sg) kfree(mq->bounce_sg); mq->bounce_sg = NULL; @@ -245,8 +247,6 @@ void mmc_cleanup_queue(struct mmc_queue *mq) kfree(mq->bounce_buf); mq->bounce_buf = NULL; - blk_cleanup_queue(mq->queue); - mq->card = NULL; } EXPORT_SYMBOL(mmc_cleanup_queue); -- cgit v1.2.3-70-g09d2