Re: mmc/card/block.c : mmc_blk_open readonly mount bug?

From: Andrew Morton
Date: Thu Sep 04 2008 - 19:08:44 EST

Next message: Krzysztof Halasa: "Re: [PATCH] INITRAMFS: Add option to preserve mtime from INITRAMFS cpio images"
Previous message: Edgar Kalkowski: "PROBLEM: Kernel 2.6.26 oops if I unplug my Logitech USB 1.1 headset"
In reply to: sasin: "mmc/card/block.c : mmc_blk_open readonly mount bug?"
Next in thread: Pierre Ossman: "Re: mmc/card/block.c : mmc_blk_open readonly mount bug?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 4 Sep 2008 17:17:15 +0800
<sasin@xxxxxxxxxxxxxxxxxxx> wrote:

> mmc_block_open increments md->usage although it returns with -EROFS when
> default mounting a MMC/SD card with write protect switch on. This
> reference counting bug prevents /dev/mmcblkX from being released on card
> removal, and situation worsen with reinsertion until the minor number
> range runs out.
>
> "return -EROFS;"
>
> should be replaced by
>
> "
> {
> ret = -EROFS;
> mmc_blk_put(md);
> }
> "

It's unknown what kernel version you're looking at. The code in 2.6.25
and 2.6.26 and 2.6.27 has changed since then, but the bug appears to
still be there.

From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>

mmc_block_open() increments md->usage although it returns with -EROFS when
default mounting a MMC/SD card with write protect switch on. This
reference counting bug prevents /dev/mmcblkX from being released on card
removal, and situation worsen with reinsertion until the minor number
range runs out.

Reported-by: <sasin@xxxxxxxxxxxxxxxxxxx>
Cc: Pierre Ossman <drzeus-list@xxxxxxxxx>
Cc: <stable@xxxxxxxxxx> [2.6.25.x, 2.6.26.x]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

drivers/mmc/card/block.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff -puN drivers/mmc/card/block.c~drivers-mmc-card-blockc-fix-refcount-leak-in-mmc_block_open drivers/mmc/card/block.c
--- a/drivers/mmc/card/block.c~drivers-mmc-card-blockc-fix-refcount-leak-in-mmc_block_open
+++ a/drivers/mmc/card/block.c
@@ -103,8 +103,10 @@ static int mmc_blk_open(struct inode *in
check_disk_change(inode->i_bdev);
ret = 0;

- if ((filp->f_mode & FMODE_WRITE) && md->read_only)
+ if ((filp->f_mode & FMODE_WRITE) && md->read_only) {
+ mmc_blk_put(md);
ret = -EROFS;
+ }
}

return ret;
_

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Krzysztof Halasa: "Re: [PATCH] INITRAMFS: Add option to preserve mtime from INITRAMFS cpio images"
Previous message: Edgar Kalkowski: "PROBLEM: Kernel 2.6.26 oops if I unplug my Logitech USB 1.1 headset"
In reply to: sasin: "mmc/card/block.c : mmc_blk_open readonly mount bug?"
Next in thread: Pierre Ossman: "Re: mmc/card/block.c : mmc_blk_open readonly mount bug?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]