commit 99d7ab8db9 upstream.
The existing memstick core patch: commit 62c59a8786 ("memstick: Skip
allocating card when removing host") sets host->removing in
memstick_remove_host(), but there still exists a critical time window where
memstick_check can run after host->eject is set but before removing is set.
In the rtsx_usb_ms driver, the problematic sequence is:
  rtsx_usb_ms_drv_remove:          memstick_check:
    host->eject = true
    cancel_work_sync(handle_req)     if(!host->removing)
    ...                              memstick_alloc_card()
                                       memstick_set_rw_addr()
                                         memstick_new_req()
                                           rtsx_usb_ms_request()
                                             if(!host->eject)
                                             skip schedule_work
                                         wait_for_completion()
    memstick_remove_host:                [blocks indefinitely]
      host->removing = true
      flush_workqueue()
      [block]
1. rtsx_usb_ms_drv_remove sets host->eject = true
2. cancel_work_sync(&host->handle_req) runs
3. memstick_check work may be executed here <-- danger window
4. memstick_remove_host sets removing = 1
During this window (step 3), memstick_check calls memstick_alloc_card,
which may wait indefinitely for an mrq_complete completion that will
never occur: because rtsx_usb_ms_request sees eject=true and skips
scheduling work, memstick_set_rw_addr waits forever for completion.
This causes a deadlock when memstick_remove_host tries to flush_workqueue,
waiting for memstick_check to complete, while memstick_check is blocked
waiting for mrq_complete completion.
Fix this by setting removing=true at the start of rtsx_usb_ms_drv_remove,
before any work cancellation. This ensures memstick_check will see the
removing flag immediately and exit early, avoiding the deadlock.
Fixes: 62c59a8786 ("memstick: Skip allocating card when removing host")
Signed-off-by: Jiayi Li <lijiayi@kylinos.cn>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20250804013604.1311218-1-lijiayi@kylinos.cn
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
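The ordering described in the rtsx_usb_ms commit above, as a single-threaded user-space model (an added example, not kernel code and not part of the commit). The struct and the model_* functions are hypothetical; they only mirror the flags and call order named in the commit message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the three pieces of state the commit message names. */
struct host_model {
    bool eject;        /* set by rtsx_usb_ms_drv_remove */
    bool removing;     /* tested by memstick_check */
    bool mrq_complete; /* completion memstick_set_rw_addr waits on */
};

/* rtsx_usb_ms_request: only schedules handle_req while not ejecting. */
static void model_request(struct host_model *h)
{
    if (!h->eject)
        h->mrq_complete = true; /* handle_req runs and completes the request */
    /* else: schedule_work is skipped, nothing will ever complete it */
}

/* memstick_check: returns true when wait_for_completion() would never return. */
static bool model_check_blocks(struct host_model *h)
{
    if (h->removing)
        return false;           /* early exit, no card allocation */
    h->mrq_complete = false;    /* alloc_card -> set_rw_addr -> new_req */
    model_request(h);
    return !h->mrq_complete;
}

enum order { REMOVING_LATE, REMOVING_FIRST };

/*
 * rtsx_usb_ms_drv_remove followed by memstick_remove_host.
 * check_in_window: memstick_check runs at step 3 of the commit message.
 * Returns true when flush_workqueue() would wait on a stuck memstick_check.
 */
static bool model_drv_remove(enum order o, bool check_in_window)
{
    struct host_model h = { false, false, false };
    bool check_stuck = false;

    if (o == REMOVING_FIRST)
        h.removing = true;      /* the fix: set before any cancellation */
    h.eject = true;             /* step 1 */
    /* step 2: cancel_work_sync(handle_req) has no effect on memstick_check */
    if (check_in_window)
        check_stuck = model_check_blocks(&h); /* step 3 */
    h.removing = true;          /* step 4: memstick_remove_host */
    return check_stuck;         /* flush_workqueue() waits for memstick_check */
}

int main(void)
{
    printf("removing set late,  check in window: %s\n",
           model_drv_remove(REMOVING_LATE, true) ? "deadlock" : "ok");
    printf("removing set first, check in window: %s\n",
           model_drv_remove(REMOVING_FIRST, true) ? "deadlock" : "ok");
    return 0;
}
```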
commit 21b34a3a20 upstream.
A new warning in clang [1] points out that id_reg is uninitialized then
passed to memstick_init_req() as a const pointer:
drivers/memstick/core/memstick.c:330:59: error: variable 'id_reg' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer]
330 | memstick_init_req(&card->current_mrq, MS_TPC_READ_REG, &id_reg,
| ^~~~~~
Commit de182cc8e8 ("drivers/memstick/core/memstick.c: avoid -Wnonnull
warning") intentionally passed this variable uninitialized to avoid an
-Wnonnull warning from a NULL value that was previously there because
id_reg is never read from the call to memstick_init_req() in
h_memstick_read_dev_id(). Just zero initialize id_reg to avoid the
warning, which is likely happening in the majority of builds using
modern compilers that support '-ftrivial-auto-var-init=zero'.
Cc: stable@vger.kernel.org
Fixes: de182cc8e8 ("drivers/memstick/core/memstick.c: avoid -Wnonnull warning")
Link: 00dacf8c22 [1]
Closes: https://github.com/ClangBuiltLinux/linux/issues/2105
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20250715-memstick-fix-uninit-const-pointer-v1-1-f6753829c27a@kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In the match() callback, the struct device_driver * should not be
changed, so change the function callback to be a const *. This is one
step of many towards making the driver core safe to have struct
device_driver in read-only memory.
Because the match() callback is in all busses, all busses are modified
to handle this properly. This does entail switching some container_of()
calls to container_of_const() to properly handle the constant *.
For some busses, like PCI and USB and HV, the const * is cast away in
the match callback as those busses do want to modify those structures at
this point in time (they have a local lock in the driver structure.)
That will have to be changed in the future if they wish to have their
struct device * in read-only-memory.
Cc: Rafael J. Wysocki <rafael@kernel.org>
Reviewed-by: Alex Elder <elder@kernel.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Link: https://lore.kernel.org/r/2024070136-wrongdoer-busily-01e8@gregkh
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Pull MMC updates from Ulf Hansson:
"MMC core:
- Drop the use of BLK_BOUNCE_HIGH
- Fix partition switch for GP3
- Remove usage of the deprecated ida_simple API
MMC host:
- cqhci: Update bouncing email-addresses in MAINTAINERS
- davinci_mmc: Use sg_miter for PIO
- dw_mmc-hi3798cv200: Convert the DT bindings to YAML
- dw_mmc-hi3798mv200: Add driver for the new dw_mmc variant
- fsl-imx-esdhc: A couple of corrections/updates to the DT bindings
- meson-mx-sdhc: Drop use of the ->card_hw_reset() callback
- moxart-mmc: Use sg_miter for PIO
- moxart-mmc: Fix accounting for DMA transfers
- mvsdio: Use sg_miter for PIO
- mxcmmc: Use sg_miter for PIO
- omap: Use sg_miter for PIO
- renesas,sdhi: Add support for R-Car V4M variant
- sdhci-esdhc-mcf: Use sg_miter for swapping
- sdhci-of-dwcmshc: Add support for Sophgo CV1800B and SG2002 variants
- sh_mmcif: Use sg_miter for PIO
- tmio: Avoid concurrent runs of mmc_request_done()"
* tag 'mmc-v6.9' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: (44 commits)
mmc: core: make mmc_host_class constant
mmc: core: Fix switch on gp3 partition
mmc: tmio: comment the ERR_PTR usage in this driver
mmc: mmc_spi: Don't mention DMA direction
mmc: dw_mmc: Remove unused of_gpio.h
mmc: dw_mmc: add support for hi3798mv200
dt-bindings: mmc: hisilicon,hi3798cv200-dw-mshc: add Hi3798MV200 binding
dt-bindings: mmc: dw-mshc-hi3798cv200: convert to YAML
mmc: dw_mmc-hi3798cv200: remove MODULE_ALIAS()
mmc: core: Use a struct device* as in-param to mmc_of_parse_clk_phase()
mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function
mmc: tmio: avoid concurrent runs of mmc_request_done()
dt-bindings: mmc: fsl-imx-mmc: Document the required clocks
mmc: sh_mmcif: Advance sg_miter before reading blocks
mmc: sh_mmcif: sg_miter must not be atomic
mmc: sdhci-esdhc-mcf: Flag the sg_miter as atomic
dt-bindings: mmc: fsl-imx-esdhc: add default and 100mhz state
mmc: core: constify the struct device_type usage
mmc: sdhci-of-dwcmshc: Add support for Sophgo CV1800B and SG2002
dt-bindings: mmc: sdhci-of-dwcmhsc: Add Sophgo CV1800B and SG2002 support
...
Pull MMC updates from Ulf Hansson:
"MMC core:
- Extend slot-gpio to be used for host specific card detect interrupts
- Align to common busy polling behaviour for mmc ioctls
- Suggest the BFQ I/O scheduler to be built along with MMC/SD support
- Add devm_mmc_alloc_host() to enable further cleanups in host drivers
MMC host:
- atmel-mci: Fix race condition when stopping/starting a command
- dw_mmc-starfive: Add new driver to support the StarFive JH7110 variant
- dw_mmc-rockchip: Add support for the RK3588 variant
- jz4740: Add support for the vqmmc power supply
- meson-gx: Convert the DT bindings to the dt-schema
- meson-gx: Enable the platform interrupt to be used for card detect
- moxart: Set the supported maximum request/block/segment sizes
- renesas,sdhi: Add support for the RZ/V2M variants
- sdhci: Rework code to drop SDHCI_QUIRK_MISSING_CAPS
- sdhci-esdhc-imx: Improve tuning logic support
- sdhci-msm: Add support for the IPQ5332 and the IPQ9574 variants
- sdhci-of-dwcmshc: Add the missing device table IDs for acpi
- sdhci-of-dwcmshc: Improve clock support for the Rockchip variant
- sdhci-of-dwcmshc: Enable support of V4 host for the BlueField-3 variant
- sdhci-pxav2: Add support for the PXA168 V1 variant
- sdhci-pxav2: Add support for SDIO IRQs for the PXA168 V1 variant
- uniphier-sd: Add support for SD UHS-I speed modes"
* tag 'mmc-v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: (59 commits)
mmc: meson-gx: Use devm_platform_get_and_ioremap_resource()
mmc: meson-gx: constify member data of struct meson_host
mmc: meson-gx: use devm_clk_get_enabled() for core clock
mmc: core: fix return value check in devm_mmc_alloc_host()
dt-bindings: mmc: meson-gx: fix interrupt binding
mmc: meson-gx: support platform interrupt as card detect interrupt
dt-bindings: mmc: meson-gx: support specifying cd interrupt
mmc: core: support setting card detect interrupt from drivers
mmc: starfive: Add sdio/emmc driver support
dt-bindings: mmc: Add StarFive MMC module
dt-bindings: mmc: sdhci-msm: Allow 1 icc path
dt-bindings: mmc: rockchip-dw-mshc: Add RK3588 compatible string
mmc: core: Align to common busy polling behaviour for mmc ioctls
dt-bindings: mmc: Add resets property to cadence SDHCI binding
mmc: meson-gx: remove meson_mmc_get_cd
mmc: moxart: set maximum request/block/segment sizes
mmc: sdhci-brcmstb: Use devm_platform_get_and_ioremap_resource()
mmc: sdhci-of-dwcmshc: add the missing device table IDs for acpi
mmc: sdhci-of-dwcmshc: Update DLL and pre-change delay for rockchip platform
mmc: jz4740: Add support for vqmmc power supply
...
Pull MMC updates from Ulf Hansson:
"MMC core:
- Add support for the asynchronous SDIO wakeup interrupts
- Skip redundant evaluation of eMMC HS400 caps when no-MMC-cap
- Add support to store error stats from host drivers
- Extend debugfs to show error stats from host drivers
- Add single I/O read support in the recovery path for 4k sector cards
MMC host:
- dw_mmc-exynos: Convert corresponding DT bindings to the dtschema
- dw_mmc-rockchip: Add support for the Rockchip RV1126 variant
- mmc_spi: Convert corresponding DT bindings to the dtschema
- mtk-sd: Extend support for interrupts/pinctrls for SDIO low-power mode
- mtk-sd: Add support for SDIO wake irqs
- mtk-sd: Add support for the Mediatek MT8188 variant
- renesas_sdhi: Drop redundant manual tap correction for newer SoCs
- renesas_sdhi: Add support for the R-Car S4-8 and generic Gen4 variants
- sdhci/cqhci: Add support to capture stats from host errors
- sdhci-brcmstb: Add ability to increase max clock rate for SDIO on 72116b0
- sdhci-msm: Add support for the MSM8998 and SM8450 variant
- sdhci-of-at91: Fixup UHS-I mode by rewriting of MC1R
- sdhci-of-dwcmshc: Add support for the Rockchip rk3588 variant
- sdhci-of-dwcmshc: Enable reset support for the Rockchip variants
- sdhci-pci-gli: Improve I/O read/write performance for GL9763E
- sdhci-s3c: Convert corresponding DT bindings to the dtschema
- tmio: Avoid glitches when resetting
MEMSTICK core:
- A couple of minor fixes and cleanups"
* tag 'mmc-v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: (61 commits)
mmc: mediatek: add support for SDIO eint wakup IRQ
mmc: core: Add support for SDIO wakeup interrupt
dt-bindings: mmc: mtk-sd: extend interrupts and pinctrls properties
dt-bindings: mmc: rockchip-dw-mshc: Document Rockchip RV1126
mmc: renesas_sdhi: newer SoCs don't need manual tap correction
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
mmc: cavium-octeon: Add of_node_put() when breaking out of loop
mmc: core: quirks: Add of_node_put() when breaking out of loop
mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume
dt-bindings: mmc: sdhci-msm: Document the SM8450 compatible
mmc: sdhci-msm: drop redundant of_device_id entries
dt-bindings: mmc: sdhci-msm: add MSM8998
mmc: block: Add single read for 4k sector cards
mmc: mxcmmc: Use mmc_card_sdio macro
mmc: core: Use mmc_card_* macro and add a new for the sd_combo type
dt-bindings: mmc: sdhci-msm: constrain reg-names per variants
dt-bindings: mmc: sdhci-msm: fix reg-names entries
dt-bindings: mmc: Add compatible for MediaTek MT8188
dt-bindings: mmc: sdhci-msm: document resets
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
...
Set the queue dying flag and call blk_mq_exit_queue from del_gendisk for
all disks that do not have separately allocated queues, and thus remove
the need to call blk_cleanup_queue for them.
Rename blk_cleanup_disk to blk_mq_destroy_queue to make it clear that
this function is intended only for separately allocated blk-mq queues.
This saves an extra queue freeze for devices without a separately
allocated queue.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20220619060552.1850436-6-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
clang-14 complains about a sanity check that always passes when the
page size is 64KB or larger:
drivers/memstick/core/ms_block.c:1739:21: error: result of comparison of constant 65536 with expression of type 'unsigned short' is always false [-Werror,-Wtautological-constant-out-of-range-compare]
if (msb->page_size > PAGE_SIZE) {
~~~~~~~~~~~~~~ ^ ~~~~~~~~~
This is fine, it will still work on all architectures, so just shut
up that warning with a cast.
Fixes: 0ab30494bc ("memstick: add support for legacy memorysticks")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210927094520.696665-1-arnd@kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
We never checked for errors on add_disk() as this function returned void.
Now that this is fixed, use the shiny new error handling.
Contrary to the typical removal which delays the put_disk() until later,
since we are failing on a probe we immediately put the disk on failure from
add_disk by using blk_cleanup_disk().
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Link: https://lore.kernel.org/r/20210902174105.2418771-4-mcgrof@kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
We never checked for errors on add_disk() as this function returned void.
Now that this is fixed, use the shiny new error handling.
Contrary to the typical removal which delays the put_disk() until later,
since we are failing on a probe we immediately put the disk on failure from
add_disk by using blk_cleanup_disk().
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Link: https://lore.kernel.org/r/20210902174105.2418771-3-mcgrof@kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Pull driver core updates from Greg KH:
"Here is the big set of driver core patches for 5.15-rc1.
These do change a number of different things across different
subsystems, and because of that, there were 2 stable tags created that
might have already come into your tree from different pulls that did
the following
- changed the bus remove callback to return void
- sysfs iomem_get_mapping rework
Other than those two things, there's only a few small things in here:
- kernfs performance improvements for huge numbers of sysfs users at
once
- tiny api cleanups
- other minor changes
All of these have been in linux-next for a while with no reported
problems, other than the before-mentioned merge issue"
* tag 'driver-core-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (33 commits)
MAINTAINERS: Add dri-devel for component.[hc]
driver core: platform: Remove platform_device_add_properties()
ARM: tegra: paz00: Handle device properties with software node API
bitmap: extend comment to bitmap_print_bitmask/list_to_buf
drivers/base/node.c: use bin_attribute to break the size limitation of cpumap ABI
topology: use bin_attribute to break the size limitation of cpumap ABI
lib: test_bitmap: add bitmap_print_bitmask/list_to_buf test cases
cpumask: introduce cpumap_print_list/bitmask_to_buf to support large bitmask and list
sysfs: Rename struct bin_attribute member to f_mapping
sysfs: Invoke iomem_get_mapping() from the sysfs open callback
debugfs: Return error during {full/open}_proxy_open() on rmmod
zorro: Drop useless (and hardly used) .driver member in struct zorro_dev
zorro: Simplify remove callback
sh: superhyway: Simplify check in remove callback
nubus: Simplify check in remove callback
nubus: Make struct nubus_driver::remove return void
kernfs: dont call d_splice_alias() under kernfs node lock
kernfs: use i_lock to protect concurrent inode updates
kernfs: switch kernfs to use an rwsem
kernfs: use VFS negative dentry caching
...
Adjust indentation from spaces to tab (+optional two spaces) as in
coding style with command like:
$ sed -e 's/^ /\t/' -i */Kconfig
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Pull MMC updates from Ulf Hansson:
"MMC core:
- Let the dma map ops deal with bouncing and drop dma_max_pfn() from
the dma-mapping interface for ARM
- Convert the generic MMC DT doc to YAML schemas
- Drop questionable support for powered-on re-init of SDIO cards at
runtime resume and for SDIO HW reset
- Prevent questionable re-init of powered-on removable SDIO cards at
system resume
- Cleanup and clarify some SDIO core code
MMC host:
- tmio: Make runtime PM enablement more flexible for variants
- tmio/renesas_sdhi: Rename DT doc tmio_mmc.txt to renesas,sdhi.txt
to clarify
- sdhci-pci: Add support for Intel EHL
- sdhci-pci-o2micro: Enable support for 8-bit bus
- sdhci-msm: Prevent acquiring a mutex while holding a spin_lock
- sdhci-of-esdhc: Improve clock management and tuning
- sdhci_am654: Enable support for 4 and 8-bit bus on J721E
- sdhci-sprd: Use pinctrl for a proper signal voltage switch
- sdhci-sprd: Add support for HS400 enhanced strobe mode
- sdhci-sprd: Enable PHY DLL and allow delay config to stabilize the
clock
- sdhci-sprd: Add support for optional gate clock
- sunxi-mmc: Convert DT doc to YAML schemas
- meson-gx: Add support for broken DRAM access for DMA
MEMSTICK core:
- Fixup error path of memstick_init()"
* tag 'mmc-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: (52 commits)
mmc: sdhci_am654: Add dependency on MMC_SDHCI_AM654
mmc: alcor: remove a redundant greater or equal to zero comparison
mmc: sdhci-msm: fix mutex while in spinlock
mmc: sdhci_am654: Make some symbols static
dma-mapping: remove dma_max_pfn
mmc: core: let the dma map ops handle bouncing
dt-binding: mmc: rename tmio_mmc.txt to renesas,sdhi.txt
mmc: sdhci-sprd: Add pin control support for voltage switch
dt-bindings: mmc: sprd: Add pinctrl support
mmc: sdhci-sprd: Add start_signal_voltage_switch ops
mmc: sdhci-pci: Add support for Intel EHL
mmc: tmio: Use dma_max_mapping_size() instead of a workaround
mmc: sdio: Drop unused in-parameter from mmc_sdio_init_card()
mmc: sdio: Drop unused in-parameter to mmc_sdio_reinit_card()
mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume
mmc: sdio: Drop powered-on re-init at runtime resume and HW reset
mmc: sdio: Move comment about re-initialization to mmc_sdio_reinit_card()
mmc: sdio: Drop mmc_claim|release_host() in mmc_sdio_power_restore()
mmc: sdio: Turn sdio_run_irqs() into static
mmc: sdhci: Fix indenting on SDHCI_CTRL_8BITBUS
...
Based on 2 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundation
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundation #
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 4122 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Enrico Weigelt <info@metux.net>
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Allison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
If bus_register fails, on its error handling path it has cleaned up
what it has done. There is no need to call bus_unregister again.
Otherwise, if bus_unregister is called, issues such as null-ptr-deref
will arise.
Syzkaller reports this:
kobject_add_internal failed for memstick (error: -12 parent: bus)
BUG: KASAN: null-ptr-deref in sysfs_remove_file_ns+0x1b/0x40 fs/sysfs/file.c:467
Read of size 8 at addr 0000000000000078 by task syz-executor.0/4460
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xa9/0x10e lib/dump_stack.c:113
__kasan_report+0x171/0x18d mm/kasan/report.c:321
kasan_report+0xe/0x20 mm/kasan/common.c:614
sysfs_remove_file_ns+0x1b/0x40 fs/sysfs/file.c:467
sysfs_remove_file include/linux/sysfs.h:519 [inline]
bus_remove_file+0x6c/0x90 drivers/base/bus.c:145
remove_probe_files drivers/base/bus.c:599 [inline]
bus_unregister+0x6e/0x100 drivers/base/bus.c:916
? 0xffffffffc1590000
memstick_init+0x7a/0x1000 [memstick]
do_one_initcall+0xb9/0x3b5 init/main.c:914
do_init_module+0xe0/0x330 kernel/module.c:3468
load_module+0x38eb/0x4270 kernel/module.c:3819
__do_sys_finit_module+0x162/0x190 kernel/module.c:3909
do_syscall_64+0x72/0x2a0 arch/x86/entry/common.c:298
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes: baf8532a14 ("memstick: initial commit for Sony MemoryStick support")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai26@huawei.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
We accidentally changed the error code from -EAGAIN to 1 when we did the
blk-mq conversion.
Maybe a contributing factor to this mistake is that it wasn't obvious
that the "while (chunk) {" condition is always true. I have cleaned
that up as well.
Fixes: d0be12274d ("mspro_block: convert to blk-mq")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Add SPDX license identifiers to all Make/Kconfig files which:
- Have no license information of any form
These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:
GPL-2.0-only
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>