Message-ID: <c7e98e11-38d2-40b4-a7d0-3a884cf8d8b8@intel.com>
Date: Fri, 7 Mar 2025 14:36:09 +0200
From: Adrian Hunter <adrian.hunter@...el.com>
To: Oleksij Rempel <o.rempel@...gutronix.de>, Ulf Hansson
	<ulf.hansson@...aro.org>
CC: <kernel@...gutronix.de>, <linux-kernel@...r.kernel.org>,
	<linux-mmc@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Mark Brown <broonie@...nel.org>, "Rafael J. Wysocki" <rafael@...nel.org>,
	Søren Andersen <san@...v.dk>, Christian Loehle
	<christian.loehle@....com>
Subject: Re: [PATCH v3 6/6] mmc: sdhci: prevent command execution after
 undervoltage shutdown

On 21/02/25 11:39, Oleksij Rempel wrote:
> Introduce an emergency_stop flag in struct mmc_host to block further
> MMC/SD commands after an undervoltage shutdown. If emergency_stop is
> set, sdhci_send_command() will reject new requests with -EBUSY and log a
> warning. This helps diagnose and identify code paths that may still
> attempt writes after the undervoltage shutdown sequence has completed.
> 
> Signed-off-by: Oleksij Rempel <o.rempel@...gutronix.de>
> ---
> changes v3:
> - add comments
> ---
>  drivers/mmc/core/mmc.c   | 7 +++++++
>  drivers/mmc/host/sdhci.c | 9 +++++++++
>  include/linux/mmc/host.h | 1 +
>  3 files changed, 17 insertions(+)
> 
> diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
> index a50cdd550a22..0cd6b81d0678 100644
> --- a/drivers/mmc/core/mmc.c
> +++ b/drivers/mmc/core/mmc.c
> @@ -2370,6 +2370,13 @@ static int _mmc_handle_undervoltage(struct mmc_host *host)
>  	 */
>  	mmc_card_set_removed(card);
>  
> +	/*
> +	 * Signal the host controller driver that we are in emergency stop mode.
> +	 * This prevents any new storage requests from being issued, ensuring
> +	 * that no further operations take place while in this state.
> +	 */
> +	host->emergency_stop = true;
> +
>  	return err;
>  }
>  
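
Review bot: the comment added above `host->emergency_stop = true;` says this prevents any new storage requests from being issued, but within this patch the flag is only consulted in sdhci_send_command(), so a host behind any other controller driver would keep accepting requests. Either enforce the flag in the core request path or reword the comment so it does not promise more than the patch delivers. The assignment also runs unconditionally before `return err;`, and nothing in this patch clears the flag again; please document whether and where it is expected to be reset.
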
> diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
> index f4a7733a8ad2..8d67f27e7d9e 100644
> --- a/drivers/mmc/host/sdhci.c
> +++ b/drivers/mmc/host/sdhci.c
> @@ -1658,6 +1658,15 @@ static bool sdhci_send_command(struct sdhci_host *host, struct mmc_command *cmd)
>  
>  	WARN_ON(host->cmd);
>  
> +	if (host->mmc->emergency_stop) {

This is unnecessary.

The host controller driver should not have to block requests
because the mmc core layer should not be requesting them.

We definitely wouldn't want to be duplicating this code in
every host controller driver, so let's not start.

> +		pr_warn("%s: Ignoring normal request, emergency stop is active\n",
> +			mmc_hostname(host->mmc));
> +		WARN_ON_ONCE(1);
> +
> +		cmd->error = -EBUSY;
> +		return true;
> +	}
> +
>  	/* Initially, a command has no error */
>  	cmd->error = 0;
>  
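
Review bot: in the new `if (host->mmc->emergency_stop)` block, `pr_warn()` fires for every rejected command with no rate limit, while the `WARN_ON_ONCE(1)` right after it already gives a one-time backtrace, so a caller that keeps retrying would flood the log during the undervoltage event. Consider folding the two into a single `WARN_ONCE(1, ...)` with the message, or switching to `pr_warn_ratelimited()`. Please also confirm that returning `true` with `cmd->error = -EBUSY` results in the request being completed by the caller, since this early return does not finish it within the visible hunk.
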
> diff --git a/include/linux/mmc/host.h b/include/linux/mmc/host.h
> index 4e147ad82804..5dfe2cdde59f 100644
> --- a/include/linux/mmc/host.h
> +++ b/include/linux/mmc/host.h
> @@ -501,6 +501,7 @@ struct mmc_host {
>  	unsigned int		can_dma_map_merge:1; /* merging can be used */
>  	unsigned int		vqmmc_enabled:1; /* vqmmc regulator is enabled */
>  	unsigned int		undervoltage:1;	 /* Undervoltage state */
> +	unsigned int		emergency_stop:1; /* Emergency stop. No transfers are allowed. */
>  
>  	int			rescan_disable;	/* disable card detection */
>  	int			rescan_entered;	/* used with nonremovable devices */
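
Review bot: `emergency_stop:1` sits directly below `undervoltage:1`, and its comment ("No transfers are allowed") does not say how the two states differ, who sets the bit, or whether it is ever cleared. Please expand the comment to cover that. Because the new bit shares a bitfield with `undervoltage`, `vqmmc_enabled` and `can_dma_map_merge`, it is also worth stating which lock protects writes to it, since updates to neighbouring bits are read-modify-write operations on the same storage unit.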

