Date:   Wed, 6 May 2020 18:30:48 +0200
From:   Ulf Hansson <>
To:     "" <>
Cc:     Raul Rangel <>,
        Avri Altman <>,
        kstewart <>,
        tglx <>, linux-mmc <>,
        linux-kernel <>
Subject: Re: Re: [PATCH] mmc/core:fix mmc_sd_hw_reset oops mmc_sd_hw_reset
 function may be oops if the ejection of sd and the reset of sd simultaneously occur

On Fri, 1 May 2020 at 19:18,
<> wrote:
>  it is a race condition, the situation as follows:
>         a                                  b
>  mmc_rescan
>      mmc_sd_detect
>           mmc_get_card
>               __mmc_reclaim_host
>           card is not present              __mmc_reclaim_host
>           mmc_put_card                         wait a __mmc_release_host
>               __mmc_release_host
>                     set b TASK_RUNNING
>           mmc_sd_remove

mmc_sd_remove() calls mmc_remove_card(), which calls device_del() on
the corresponding card->dev.

That leads to the ->remove() callback getting invoked for card->dev (see
mmc_blk_remove()), which ideally should clean up everything mmc block
device related. In other words, beyond this point there should be no
thread/user that can call mmc_hw_reset() (which invokes

>                host->card = NULL
>                                            (b starts to run)
>                                            mmc_sd_hw_reset
>                                                finds host->cards is NULL, then oops

So, from the above reasoning I need to ask, have you really seen the
NULL pointer exception happening? (then we need to look more closely
at mmc_blk_remove()) Or do you think there is a problem from a
code-inspection point of view?

Kind regards
