public inbox for linux-kernel@vger.kernel.org
* 2.6.13-rc6-mm2
@ 2005-08-23  4:30 Andrew Morton
From: Andrew Morton @ 2005-08-23  4:30 UTC (permalink / raw)
  To: linux-kernel


ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.13-rc6/2.6.13-rc6-mm2/

- Various updates.  Nothing terribly noteworthy.

- This kernel still spits a bunch of scheduling-while-atomic warnings from
  the scsi code.  Please ignore.


Changes since 2.6.13-rc6-mm1:


 linus.patch
 git-acpi.patch
 git-alsa.patch
 git-arm.patch
 git-cpufreq.patch
 git-cryptodev.patch
 git-drm.patch
 git-ia64.patch
 git-audit.patch
 git-input.patch
 git-kbuild.patch
 git-libata-all.patch
 git-mmc.patch
 git-mtd.patch
 git-netdev-all.patch
 git-net.patch
 git-ocfs2.patch
 git-serial.patch
 git-scsi-block.patch
 git-scsi-iscsi.patch
 git-scsi-iscsi-vs-git-net.patch
 git-scsi-misc.patch
 git-ucb.patch
 git-watchdog.patch

 Subsystem trees

-mobil-pentium-4-ht-and-the-nmi.patch
-sis190-must-select-mii.patch
-pci-pm-support-pm-cap-version-3.patch
-e1000-printk-warning-fix-2.patch
-r8169-pci-id-for-the-linksys-eg1032.patch
-driver-for-ibm-automatic-server-restart-watchdog.patch
-driver-for-ibm-automatic-server-restart-watchdog-fix.patch

 Merged

+preempt-race-in-getppid.patch

 getppid() fix

+md-make-sure-resync-gets-started-when-array-starts.patch
+gregkh-usb-usb-zd1201-kmalloc-size-fix.patch
+export-machine_power_off-on-ppc64.patch
+usbnet-oops-fix.patch
+x86_64-dont-oops-at-boot-when-empty-opteron-node-has-io.patch

 Fixes for 2.6.13.

+git-acpi-ia64-fix-2.patch

 Make git-acpi.patch compile (but not necessarily work) on ia64

+gregkh-driver-driver-kfree-check-cleanup.patch
+gregkh-driver-sysfs-write-ENOBUFS.patch
+gregkh-driver-klist-fix-semantics.patch

 driver tree additions

+driver-core-fix-bus_rescan_devices-race.patch

 Fix race in bus_rescan_devices()

+git-drm-drm_agpsupport-warning-fix.patch

 Fix warning in git-drm.patch

+gregkh-i2c-w1-10-crc16.patch
+gregkh-i2c-w1-11.patch
+gregkh-i2c-w1-12.patch

 i2c tree updates

+ia64-cpuset-build_sched_domains-mangles-structures.patch

 Fix sched domains on ia64 only.

+sata_sisc-introducing-device-id-0x182.patch

 New stat device ID (not for merging - just for keeping track of the
 shortcoming (but it probably works OK)).

-git-net-fixups.patch

 No longer needed

+negative-timer-loop-with-lots-of-ipv4-peers.patch

 Fix an ipv4 problem with tons of connections.

+ocfs2-prep.patch

 Revert earlier patches so that the ocfs2 patch applies without fuss.  Don't
 ask.

+gregkh-pci-pci-pm-support-pm-cap-version-3.patch
+gregkh-pci-pci-pci_walk_bus.patch
+gregkh-pci-pci-fix-hotplug-vars.patch

 PCI tree updates

+git-scsi-misc-ibmvscsi-fix.patch
+git-scsi-misc-ibmvscsi-fix-fix.patch

 Fix stuff in git-scsi-misc.patch

+gregkh-usb-usb-yealink-update.patch
+gregkh-usb-usb-storage-onetouch-cleanups.patch

 USB tree updates

+git-ucb.patch

 New arm-related tree from rmk.

+sparsemem-extreme-hotplug-preparation-fix.patch

 Fix sparsemem-extreme-hotplug-preparation.patch

+slab-removes-local_irq_save-local_irq_restore-pair.patch

 slab cleanup/speedup

+ppc32-fix-emac-tx-channel-assignments-for-npe405h.patch
+ppc32-fix-bamboo-and-luan-build-warnings.patch

 ppc32 updates

+mips-add-default-select-configs-for-vr41xx-fix.patch

 Fix mips-add-default-select-configs-for-vr41xx.patch

+mips-add-pcibios_select_root.patch
+mips-add-pcibios_bus_to_resource.patch
+mips-add-more-sys_support__kernel-and.patch

 MIPS updates

+i386-fix-incorrect-fp-signal-delivery.patch

 Fix x86 FP problem

+x86_64-fix-numa-node-sizing-in-nr_free_zone_pages.patch

 Might fix the x86_64 failure to calculate the correct amount of system
 memory.

+swsusp-fix-error-handling-and-cleanups.patch

 swsusp fix

-fix-handling-in-parport_pc-init-code.patch

 Was wrong.

+arm26-one-g-is-enough-for-everyone.patch

 ARM build cleanup

+largefile-support-for-accounting.patch

 BSD accounting files can be big.

+fs-remove-redundant-timespec_equal-test-in-update_atime.patch

 Clean up update_atime()

+remove-a-redundant-variable-in-sys_prctl.patch
+remove-filef_maxcount.patch
+remove-the-second-arg-of-do_timer_interrupt.patch

 Cleanups

+fix-cramfs-making-duplicate-entries-in-inode-cache.patch
+fix-cramfs-making-duplicate-entries-in-inode-cache-tidy.patch

 cramfs fix

+race-condition-with-drivers-char-vtc-bug-in-vt_ioctlc.patch

 Fix vt race

+fix-send_sigqueue-vs-thread-exit-race.patch

 Fix signal handling race.

+adapt-scripts-ver_linux-to-new-util-linux-version-strings.patch

 ver_linux fix

+dmi-add-onboard-devices-discovery-fix.patch

 Fix dmi-add-onboard-devices-discovery.patch

+dvb-clarify-description-text-for-dvb-bt8xx-in-kconfig-fix.patch

 Update dvb-clarify-description-text-for-dvb-bt8xx-in-kconfig.patch

+yenta-auto-tune-ene-bridges-for-cb-cards.patch

 Yenta fix for weird bridge types

+ingo-nfs-stuff-fix.patch

 Fix ingo-nfs-stuff.patch

+nmi-lockup-and-altsysrq-p-dumping-calltraces-on-_all_-cpus-warning-fix.patch

 Fix nmi-lockup-and-altsysrq-p-dumping-calltraces-on-_all_-cpus.patch

+sysfs-crash-debugging-fix.patch

 Fix sysfs-crash-debugging.patch

+fbdev-resurrect-hooks-to-get-edid-from-firmware.patch
+fbdev-resurrect-hooks-to-get-edid-from-firmware-fix.patch
+savagefb-driver-updates.patch
+nvidiafb-fallback-to-firmware-edid.patch
+fbdev-fix-greater-than-1-bit-monochrome-color-handling.patch
+fbcon-saner-16-color-to-4-color-conversion.patch
+console-fix-buffer-copy-on-vc-resize.patch
+atyfb-remove-code-that-sets-sync-polarity-unconditionally.patch
+radeonfb_old-fix-broken-link.patch

 fbdev updates

+md-support-md-linear-array-with-components-greater-than-2-terabytes.patch
+md-raid1_quiesce-is-back-to-front-fix-it.patch
+md-make-sure-bitmap_daemon_work-actually-does-work.patch
+md-do-not-set-mddev-bitmap-until-bitmap-is-fully-initialised.patch
+md-allow-hot-adding-devices-to-arrays-with-non-persistant-superblocks.patch
+md-allow-md-to-load-a-superblock-with-feature-bit-1-set.patch
+md-fix-bitmap-read_sb_page-so-that-it-handles-errors-properly.patch

 RAID updates

+documentation-how-to-apply-patches-for-various-tree-fix.patch

 Update documentation-how-to-apply-patches-for-various-trees.patch

+docs-fix-misinformation-about.patch
+update-kfree-vfree-and-vunmap-kerneldoc.patch
+suspend-update-warnings-in-documentation.patch

 More documentation updates

+fbdev-update-framebuffer-feature-list.patch

 Update post-halloween-doc.patch for fbdev

+drivers-cdrom-fix-up-schedule_timeout-usage-fix.patch

 Fix drivers-cdrom-fix-up-schedule_timeout-usage.patch



All 1009 patches:


ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.13-rc6/2.6.13-rc6-mm2/patch-list


* Re: 2.6.13-rc6-mm2
@ 2005-08-23 16:28 Daniel Ritz
From: Daniel Ritz @ 2005-08-23 16:28 UTC (permalink / raw)
  To: Reuben Farrelly, Andrew Morton; +Cc: linux-kernel, Greg KH


> Yup, seems to be generally good...
> 
> Noticed this in the log earlier tonight:
> 
> Aug 23 19:44:51 tornado kernel: hub 5-0:1.0: port 1 disabled by hub (EMI?), 
> re-enabling...
> Aug 23 19:44:51 tornado kernel: usb 5-1: USB disconnect, address 2
> Aug 23 19:44:51 tornado kernel: drivers/usb/class/usblp.c: usblp0: removed
> Aug 23 19:44:51 tornado kernel: Unable to handle kernel NULL pointer 
> dereference at virtual address 00000004
> Aug 23 19:44:51 tornado kernel:  printing eip:
> Aug 23 19:44:51 tornado kernel: c01ccef2
> Aug 23 19:44:51 tornado kernel: *pde = 00000000
> Aug 23 19:44:51 tornado kernel: Oops: 0000 [#1]
> Aug 23 19:44:51 tornado kernel: SMP
> Aug 23 19:44:51 tornado kernel: last sysfs file: 
> /devices/pci0000:00/0000:00:1f.3/i2c-0/name
> Aug 23 19:44:51 tornado kernel: Modules linked in: nfsd exportfs lockd eeprom 
> sunrpc ipv6 iptable_filter binfmt_misc reiser4 zlib_de
> flate zlib_inflate dm_mod video thermal processor fan button ac tpm_nsc 
> i2c_i801 sky2 e100 sr_mod
> Aug 23 19:44:51 tornado kernel: CPU:    1
> Aug 23 19:44:51 tornado kernel: EIP:    0060:[<c01ccef2>]    Not tainted VLI
> Aug 23 19:44:51 tornado kernel: EFLAGS: 00010286   (2.6.13-rc6-mm2)
> Aug 23 19:44:51 tornado kernel: EIP is at _raw_spin_lock+0x7/0x73
> Aug 23 19:44:51 tornado kernel: eax: 00000000   ebx: 00000000   ecx: c1a60658 
>    edx: c1a63e24
> Aug 23 19:44:51 tornado kernel: esi: 00000000   edi: c0382400   ebp: f7c55e98 
>    esp: f7c55e90
> Aug 23 19:44:51 tornado kernel: ds: 007b   es: 007b   ss: 0068
> Aug 23 19:44:51 tornado kernel: Process khubd (pid: 109, threadinfo=f7c54000 
> task=c192b030)
> Aug 23 19:44:51 tornado kernel: Stack: f7c58a8c 00000000 f7c55ea0 c0312219 
> f7c55eb0 c030feb7 f7c58ae8 f7c58a48
> Aug 23 19:44:51 tornado kernel:        f7c55ec4 c0217e73 f7c58a48 f7d134ec 
> 00000040 f7c55ed0 c0217ec0 f7c58a48
> Aug 23 19:44:51 tornado kernel:        f7c55edc c0217814 f7c58a48 f7c55eec 
> c0216ad2 f7c58a48 f7c58a14 f7c55ef8
> Aug 23 19:44:51 tornado kernel: Call Trace:
> Aug 23 19:44:51 tornado kernel:  [<c01039c3>] show_stack+0x94/0xca
> Aug 23 19:44:51 tornado kernel:  [<c0103b6c>] show_registers+0x15a/0x1ea
> Aug 23 19:44:51 tornado kernel:  [<c0103d8a>] die+0x108/0x183
> Aug 23 19:44:51 tornado kernel:  [<c031295a>] do_page_fault+0x1ea/0x63d
> Aug 23 19:44:51 tornado kernel:  [<c0103693>] error_code+0x4f/0x54
> Aug 23 19:44:51 tornado kernel:  [<c0312219>] _spin_lock+0x8/0xa
> Aug 23 19:44:51 tornado kernel:  [<c030feb7>] klist_remove+0x10/0x2c
> Aug 23 19:44:51 tornado kernel:  [<c0217e73>] __device_release_driver+0x41/0x65
> Aug 23 19:44:51 tornado kernel:  [<c0217ec0>] device_release_driver+0x29/0x39
> Aug 23 19:44:51 tornado kernel:  [<c0217814>] bus_remove_device+0x52/0x60
> Aug 23 19:44:51 tornado kernel:  [<c0216ad2>] device_del+0x2e/0x5d
> Aug 23 19:44:51 tornado kernel:  [<c0216b0c>] device_unregister+0xb/0x15
> Aug 23 19:44:51 tornado kernel:  [<c0275d67>] usb_disconnect+0x115/0x15c
> Aug 23 19:44:51 tornado kernel:  [<c0276b85>] hub_port_connect_change+0x54/0x399
> Aug 23 19:44:51 tornado kernel:  [<c027713e>] hub_events+0x274/0x3b2
> Aug 23 19:44:51 tornado kernel:  [<c0277296>] hub_thread+0x1a/0xdf
> Aug 23 19:44:51 tornado kernel:  [<c012fba7>] kthread+0x99/0x9d
> Aug 23 19:44:51 tornado kernel:  [<c01010b5>] kernel_thread_helper+0x5/0xb
> Aug 23 19:44:51 tornado kernel: Code: 00 00 00 8b 0d a8 62 36 c0 e9 61 ff ff 
> ff f3 90 31 c0 86 07 84 c0 0f 8e 79 ff ff ff 83 c4 18 5
> b 5e 5f 5d c3 55 89 e5 56 53 89 c3 <81> 78 04 ad 4e ad de 75 2d be 00 e0 ff ff 
> 21 e6 8b 06 39 43 0c
> 
this one is my fault, caused by driver-core-fix-bus_rescan_devices-race.patch
problem is that USB is directly messing with dev->driver and then calling
device_bind_driver() if the device is not already bound...
i think the correct solution would be a sane API here and disallow direct
messing with dev->driver...meanwhile the attached patch will do.

messing directly with dev->driver is especially bad if it's already set
to another driver. this leads to problems later in device_release_driver().

akpm: please replace driver-core-fix-bus_rescan_devices-race.patch with
the attached one.

rgds
-daniel

---
[PATCH] driver core: fix bus_rescan_devices() race.

bus_rescan_devices_helper() does not hold the dev->sem when it checks for
!dev->driver. device_attach() holds the sem, but calls again device_bind_driver()
even when dev->driver is set. what happens is that a first device_attach() call
(module insertion time) is on the way binding the device to a driver. another
thread calls bus_rescan_devices().  now when bus_rescan_devices_helper() checks
for dev->driver it is still NULL 'cos the prior device_attach() is not yet
finished. but as soon as the first one releases the dev->sem the second
device_attach() tries to rebind the already bound device again.
device_bind_driver() does this blindly which leads to a corrupt
driver->klist_devices list (the device links itself, the head points to the
device). later a call to device_release_driver() sets dev->driver to NULL and
breaks the link it has to itself on knode_driver. rmmoding the driver later
calls driver_detach() which leads to an endless loop 'cos the list head in
klist_devices still points to the device. and since dev->driver is NULL it's
stuck with the same device forever. boom. and rmmod hangs.

very easy to reproduce with new-style pcmcia and a 16bit card. just loop
modprobe <pcmcia-modules> ;cardctl eject; rmmod <card driver, pcmcia modules>.

easiest fix is to check if the device is already bound to a driver in
device_bind_driver(). this avoids the double binding. nicer would be not to
call device_bind_driver() in device_attach() if dev->driver is set. but since
some drivers are messing with dev->driver directly this is not a good idea.

and while at it replace spin_(un|)lock_irq in driver_detach with the non-irq
variants. just doesn't make sense to me. the whole klist locking never uses the
irq variants.

Signed-off-by: Daniel Ritz <daniel.ritz@gmx.ch>

diff --git a/drivers/base/bus.c b/drivers/base/bus.c
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
@@ -485,8 +485,7 @@ void bus_remove_driver(struct device_dri
 /* Helper for bus_rescan_devices's iter */
 static int bus_rescan_devices_helper(struct device *dev, void *data)
 {
-	if (!dev->driver)
-		device_attach(dev);
+	device_attach(dev);
 	return 0;
 }
 
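Review bot: In bus_rescan_devices_helper(), dropping the "if (!dev->driver)" test means device_attach() now runs for every device on the bus, bound or not, so this hunk is only correct together with the new early return in device_bind_driver(). The one-line comment above the helper should say that already-bound devices are filtered later, under dev->sem, so that a later cleanup does not restore the unlocked check or remove the guard. The return value of device_attach() is still discarded here; if that is intentional, say so in the comment.
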
diff --git a/drivers/base/dd.c b/drivers/base/dd.c
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -40,6 +40,9 @@
  */
 void device_bind_driver(struct device * dev)
 {
+	if (klist_node_attached(&dev->knode_driver))
+		return;
+
 	pr_debug("bound device '%s' to driver '%s'\n",
 		 dev->bus_id, dev->driver->name);
 	klist_add_tail(&dev->driver->klist_devices, &dev->knode_driver);
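Review bot: The new early return at the top of device_bind_driver() tests list membership, klist_node_attached(&dev->knode_driver), not which driver the node is attached to, and it returns silently. If a caller has pointed dev->driver at a different driver while knode_driver is still on the old driver's list, the function now leaves dev->driver and the list out of step with no trace of it. Consider a pr_debug() or a warning on that path, and state in the function comment that callers must hold dev->sem, since nothing in this hunk makes the test and the klist_add_tail() atomic.
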
@@ -222,15 +225,15 @@ void driver_detach(struct device_driver 
 	struct device * dev;
 
 	for (;;) {
-		spin_lock_irq(&drv->klist_devices.k_lock);
+		spin_lock(&drv->klist_devices.k_lock);
 		if (list_empty(&drv->klist_devices.k_list)) {
-			spin_unlock_irq(&drv->klist_devices.k_lock);
+			spin_unlock(&drv->klist_devices.k_lock);
 			break;
 		}
 		dev = list_entry(drv->klist_devices.k_list.prev,
 				struct device, knode_driver.n_node);
 		get_device(dev);
-		spin_unlock_irq(&drv->klist_devices.k_lock);
+		spin_unlock(&drv->klist_devices.k_lock);
 
 		down(&dev->sem);
 		if (dev->driver == drv)
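
Review bot: The spin_lock_irq() to spin_lock() conversion in driver_detach() is unrelated to the double-binding race, and the changelog justifies it only with "just doesn't make sense to me". Plain spin_lock() is safe here only if klist_devices.k_lock is never taken from interrupt context; state that in the changelog, and preferably split the conversion into its own patch so it can be reverted independently of the race fix.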

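The list corruption described in the changelog above, reproduced in a user-space model; this is an added example, not code from the thread or from the kernel. The plain circular list, the owner field and the function names are stand-ins (assumptions) for klist_add_tail(), klist removal and klist_node_attached().

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model (assumption); names are hypothetical, not kernel API. */
struct node { struct node *next, *prev; void *owner; };
static void node_init(struct node *n) { n->next = n->prev = n; n->owner = NULL; }

/* Tail insert on a circular doubly linked list, no "already linked" check. */
static void add_tail(struct node *n, struct node *head)
{
	struct node *prev = head->prev;
	head->prev = n;
	n->next = head;
	n->prev = prev;		/* on a second insert prev is n itself */
	prev->next = n;		/* ...so n ends up linked to itself */
	n->owner = head;
}

static void del(struct node *n)
{
	n->prev->next = n->next;
	n->next->prev = n->prev;
	n->owner = NULL;
}

/* Models device_bind_driver(); 'guarded' enables the already-attached test. */
static void bind_dev(struct node *dev, struct node *drv, bool guarded)
{
	if (guarded && dev->owner != NULL)
		return;
	add_tail(dev, drv);
}

/* Two binds, one release; true if the driver list ends up empty. */
static bool detach_terminates(bool guarded)
{
	struct node drv, dev;
	node_init(&drv);
	node_init(&dev);
	bind_dev(&dev, &drv, guarded);	/* first device_attach() */
	bind_dev(&dev, &drv, guarded);	/* second attach from the rescan */
	del(&dev);			/* device_release_driver() */
	return drv.next == &drv;	/* exit test of a driver_detach()-style loop */
}

int main(void)
{
	printf("guarded=%d unguarded=%d\n", detach_terminates(true), detach_terminates(false));
	return 0;
}
```

Without the guard the list head still points at the released device, so a loop that waits for the list to become empty never exits, which is the rmmod hang the changelog describes.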