| Message ID | 20201216093146.6218-1-john.ernberg@actia.se |
|---|---|
| State | New |
| Headers | show |
| Series | [mmc-utils] rpmb: Zero-init MMC_IOC_MULTI_CMD structures | expand |
+ Avri On Wed, 16 Dec 2020 at 10:48, John Ernberg <john.ernberg@actia.se> wrote: > > On our board we would occationally see what looked like a > kernel hang while doing RPMB operations, some additional > printk debugging revealed that in the trouble case data > such as this was being sent to the kernel: > > [ 109.076981] idata[0]->ic->opcode = 0x19 > [ 109.077027] idata[0]->ic->arg = 0x0 > [ 109.080954] idata[0]->ic->write_flag = 0x1 > [ 109.084691] idata[0]->ic->is_acmd = 0x0 > [ 109.089007] idata[0]->ic->flags = 0xb5 > [ 109.092949] idata[0]->ic->blocks = 0x1 > [ 109.096865] idata[0]->ic->blksz = 0x200 > [ 109.100791] idata[0]->ic->postsleep_min_us = 0x7473696e > [ 109.104745] idata[0]->ic->postsleep_max_us = 0x34383370 > [ 109.110167] idata[0]->ic->data_timeout_ns = 0x7265632d > [ 109.115494] idata[0]->ic->data_ptr = 00000000e7ddd4cd > [ 109.120832] idata[0]->rpmb = 00000000ffab5640 > [ 109.126077] idata[1]->ic->opcode = 0x12 > [ 109.130622] idata[1]->ic->arg = 0x0 > [ 109.135451] idata[1]->ic->write_flag = 0x0 > [ 109.139153] idata[1]->ic->is_acmd = 0x0 > [ 109.143437] idata[1]->ic->flags = 0xb5 > [ 109.147553] idata[1]->ic->blocks = 0x1 > [ 109.151420] idata[1]->ic->blksz = 0x200 > [ 109.155251] idata[1]->ic->postsleep_min_us = 0x652d6873 > [ 109.159166] idata[1]->ic->postsleep_max_us = 0x35353264 > [ 109.164561] idata[1]->ic->data_timeout_ns = 0x632d3931 > [ 109.169915] idata[1]->ic->data_ptr = 00000000bc641ed4 > [ 109.175152] idata[1]->rpmb = 00000000ffab5640 > > Therefor, zero-init the MMC_IOC_MULTI_CMD structures to > avoid the obscene sleep values. > > Signed-off-by: John Ernberg <john.ernberg@actia.se> Applied to git.kernel.org/pub/scm/utils/mmc/mmc-utils.git master, thanks! Kind regards Uffe > --- > mmc_cmds.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mmc_cmds.c b/mmc_cmds.c > index fb37189..884cdf8 100644 > --- a/mmc_cmds.c > +++ b/mmc_cmds.c > @@ -1922,7 +1922,7 @@ static int do_rpmb_op(int fd, > > /* prepare arguments for MMC_IOC_MULTI_CMD ioctl */ > mioc = (struct mmc_ioc_multi_cmd *) > - malloc(sizeof (struct mmc_ioc_multi_cmd) + > + calloc(1, sizeof (struct mmc_ioc_multi_cmd) + > RPMB_MULTI_CMD_MAX_CMDS * sizeof (struct mmc_ioc_cmd)); > if (!mioc) { > return -ENOMEM; > -- > 2.29.2
diff --git a/mmc_cmds.c b/mmc_cmds.c index fb37189..884cdf8 100644 --- a/mmc_cmds.c +++ b/mmc_cmds.c @@ -1922,7 +1922,7 @@ static int do_rpmb_op(int fd, /* prepare arguments for MMC_IOC_MULTI_CMD ioctl */ mioc = (struct mmc_ioc_multi_cmd *) - malloc(sizeof (struct mmc_ioc_multi_cmd) + + calloc(1, sizeof (struct mmc_ioc_multi_cmd) + RPMB_MULTI_CMD_MAX_CMDS * sizeof (struct mmc_ioc_cmd)); if (!mioc) { return -ENOMEM;
On our board we would occationally see what looked like a kernel hang while doing RPMB operations, some additional printk debugging revealed that in the trouble case data such as this was being sent to the kernel: [ 109.076981] idata[0]->ic->opcode = 0x19 [ 109.077027] idata[0]->ic->arg = 0x0 [ 109.080954] idata[0]->ic->write_flag = 0x1 [ 109.084691] idata[0]->ic->is_acmd = 0x0 [ 109.089007] idata[0]->ic->flags = 0xb5 [ 109.092949] idata[0]->ic->blocks = 0x1 [ 109.096865] idata[0]->ic->blksz = 0x200 [ 109.100791] idata[0]->ic->postsleep_min_us = 0x7473696e [ 109.104745] idata[0]->ic->postsleep_max_us = 0x34383370 [ 109.110167] idata[0]->ic->data_timeout_ns = 0x7265632d [ 109.115494] idata[0]->ic->data_ptr = 00000000e7ddd4cd [ 109.120832] idata[0]->rpmb = 00000000ffab5640 [ 109.126077] idata[1]->ic->opcode = 0x12 [ 109.130622] idata[1]->ic->arg = 0x0 [ 109.135451] idata[1]->ic->write_flag = 0x0 [ 109.139153] idata[1]->ic->is_acmd = 0x0 [ 109.143437] idata[1]->ic->flags = 0xb5 [ 109.147553] idata[1]->ic->blocks = 0x1 [ 109.151420] idata[1]->ic->blksz = 0x200 [ 109.155251] idata[1]->ic->postsleep_min_us = 0x652d6873 [ 109.159166] idata[1]->ic->postsleep_max_us = 0x35353264 [ 109.164561] idata[1]->ic->data_timeout_ns = 0x632d3931 [ 109.169915] idata[1]->ic->data_ptr = 00000000bc641ed4 [ 109.175152] idata[1]->rpmb = 00000000ffab5640 Therefor, zero-init the MMC_IOC_MULTI_CMD structures to avoid the obscene sleep values. Signed-off-by: John Ernberg <john.ernberg@actia.se> --- mmc_cmds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)