Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge tag 'mmc-v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

Pull MMC fixes from Ulf Hansson:
 "MMC core:
   - Fix trivial typo in Kconfig
   - Fixup initialization of mmc block requests

  MMC host:
   - cavium: Fix use-after-free bug reported by KASAN"

* tag 'mmc-v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: cavium: Fix use-after-free in of_platform_device_destroy
  mmc: host: fix typo after MMC_DEBUG move
  mmc: block: Fix incorrectly initialized requests
Linus Torvalds 8 years ago
parent
0666f560b7 b917c6d18c
commit
ebb2c2437d
3 changed files with 12 additions and 3 deletions
Split View Show Diff Stats
  1. 6 1
      drivers/mmc/core/queue.c
  2. 1 1
      drivers/mmc/host/Kconfig
  3. 5 1
      drivers/mmc/host/cavium-thunderx.c

+ 6 - 1
drivers/mmc/core/queue.c
View File 

@@ -242,6 +242,12 @@ int mmc_init_queue(struct mmc_queue *mq, struct mmc_card *card,
 
 	if (mmc_dev(host)->dma_mask && *mmc_dev(host)->dma_mask)
 
 		limit = (u64)dma_max_pfn(mmc_dev(host)) << PAGE_SHIFT;
 
 
+	/*
 
+	 * mmc_init_request() depends on card->bouncesz so it must be calculated
 
+	 * before blk_init_allocated_queue() starts allocating requests.
 
+	 */
 
+	card->bouncesz = mmc_queue_calc_bouncesz(host);
 
+
 
 	mq->card = card;
 
 	mq->queue = blk_alloc_queue(GFP_KERNEL);
 
 	if (!mq->queue)
 
@@ -265,7 +271,6 @@ int mmc_init_queue(struct mmc_queue *mq, struct mmc_card *card,
 
 	if (mmc_can_erase(card))
 
 		mmc_queue_setup_discard(mq->queue, card);
 
 
-	card->bouncesz = mmc_queue_calc_bouncesz(host);
 
 	if (card->bouncesz) {
 
 		blk_queue_max_hw_sectors(mq->queue, card->bouncesz / 512);
 
 		blk_queue_max_segments(mq->queue, card->bouncesz / 512);

+ 1 - 1
drivers/mmc/host/Kconfig
View File 

@@ -5,7 +5,7 @@
 
 comment "MMC/SD/SDIO Host Controller Drivers"
 
 
 config MMC_DEBUG
 
-	bool "MMC host drivers debugginG"
 
+	bool "MMC host drivers debugging"
 
 	depends on MMC != n
 
 	help
 
 	  This is an option for use by developers; most people should

+ 5 - 1
drivers/mmc/host/cavium-thunderx.c
View File 

@@ -7,6 +7,7 @@
 
  *
 
  * Copyright (C) 2016 Cavium Inc.
 
  */
 
+#include <linux/device.h>
 
 #include <linux/dma-mapping.h>
 
 #include <linux/interrupt.h>
 
 #include <linux/mmc/mmc.h>
 
@@ -149,8 +150,11 @@ error:
 
 	for (i = 0; i < CAVIUM_MAX_MMC; i++) {
 
 		if (host->slot[i])
 
 			cvm_mmc_of_slot_remove(host->slot[i]);
 
-		if (host->slot_pdev[i])
 
+		if (host->slot_pdev[i]) {
 
+			get_device(&host->slot_pdev[i]->dev);
 
 			of_platform_device_destroy(&host->slot_pdev[i]->dev, NULL);
 
+			put_device(&host->slot_pdev[i]->dev);
 
+		}
 
 	}
 
 	clk_disable_unprepare(host->clk);
 
 	return ret;