Re: IDE problems in 2.6.12-rc1-bk1 onwards (was Re: 2.6.12-rc3-mm1)

[Bartlomiej Zolnierkiewicz]

On 5/1/05, Richard Purdie <rpurdie@xxxxxxxxx> wrote:
> I've switched back to 2.6.12-rc3-mm1 and added some debuging to all the ide
> functions to trace the order functions are getting called. I've shown the
> result below for two different oops. There is more than one problem. The
> first problem was introduced in 2.6.12-rc1-bk1 in the ide-disk changes. The
> second has been around for a while but is showing up again.
>  
> The problem is idedisk_cleanup() gets called twice from ide_unregister().
> Once here:
> 
>  for (unit = 0; unit < MAX_DRIVES; ++unit) {
>   drive = &hwif->drives[unit];
>   if (!drive->present)
>    continue;
>   DRIVER(drive)->cleanup(drive);
>  }
> 
> and secondly in ide_unregister indirectly via:
> 
>   blk_cleanup_queue(drive->queue);
>   printk(KERN_ERR "ide_unregister4()\n");
>   device_unregister(&drive->gendev);
>   down(&drive->gendev_rel_sem);
>   spin_lock_irq(&ide_lock);
>   drive->queue = NULL;
>   printk(KERN_ERR "ide_unregister5()\n");
> 
> device_unregister()  triggers ide_drive_remove() which calls
> DRIVER(drive)->cleanup(drive);
> 
> In the first call to idedisk_cleanup(), ide_disk_put(idkp) is called which
> decreases the reference counter to zero. This triggers ide_disk_release()
> which calls kfree(idkp). Hence the second call to idedisk_cleanup() calls
> what is now a null pointer (or worse).

Thanks for excellent debugging.

Both problems should be fixed by "convert IDE device drivers to 
driver-model" patch but I need to resync it against latest kernels.

Bartlomiej
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/