aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Richter <stefanr@s5r6.in-berlin.de>2008-02-27 16:14:27 -0500
committerStefan Richter <stefanr@s5r6.in-berlin.de>2008-03-02 06:35:46 -0500
commit855c603d61ede7e2810217f15f0d574b4f29c891 (patch)
treefb5c1ad387a48fb659da98aff66058a7d94fa4c0
parent15803478fdea964e5f76079851fcd13068208d5d (diff)
firewire: fix crash in automatic module unloading
"modprobe firewire-ohci; sleep .1; modprobe -r firewire-ohci" used to result in crashes like this: BUG: unable to handle kernel paging request at ffffffff8807b455 IP: [<ffffffff8807b455>] PGD 203067 PUD 207063 PMD 7c170067 PTE 0 Oops: 0010 [1] PREEMPT SMP CPU 0 Modules linked in: i915 drm cpufreq_ondemand acpi_cpufreq freq_table applesmc input_polldev led_class coretemp hwmon eeprom snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss button thermal processor sg snd_hda_intel snd_pcm snd_timer snd snd_page_alloc sky2 i2c_i801 rtc [last unloaded: crc_itu_t] Pid: 9, comm: events/0 Not tainted 2.6.25-rc2 #3 RIP: 0010:[<ffffffff8807b455>] [<ffffffff8807b455>] RSP: 0018:ffff81007dcdde88 EFLAGS: 00010246 RAX: ffff81007dc95040 RBX: ffff81007dee5390 RCX: 0000000000005e13 RDX: 0000000000008c8b RSI: 0000000000000001 RDI: ffff81007dee5388 RBP: ffff81007dc5eb40 R08: 0000000000000002 R09: ffffffff8022d05c R10: ffffffff8023b34c R11: ffffffff8041a353 R12: ffff81007dee5388 R13: ffffffff8807b455 R14: ffffffff80593bc0 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffffffff8055a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: ffffffff8807b455 CR3: 0000000000201000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process events/0 (pid: 9, threadinfo ffff81007dcdc000, task ffff81007dc95040) Stack: ffffffff8023b396 ffffffff88082524 0000000000000000 ffffffff8807d9ae ffff81007dc5eb40 ffff81007dc9dce0 ffff81007dc5eb40 ffff81007dc5eb80 ffff81007dc9dce0 ffffffffffffffff ffffffff8023be87 0000000000000000 Call Trace: [<ffffffff8023b396>] ? run_workqueue+0xdf/0x1df [<ffffffff8023be87>] ? worker_thread+0xd8/0xe3 [<ffffffff8023e917>] ? autoremove_wake_function+0x0/0x2e [<ffffffff8023bdaf>] ? worker_thread+0x0/0xe3 [<ffffffff8023e813>] ? kthread+0x47/0x74 [<ffffffff804198e0>] ? trace_hardirqs_on_thunk+0x35/0x3a [<ffffffff8020c008>] ? child_rip+0xa/0x12 [<ffffffff8020b6e3>] ? restore_args+0x0/0x3d [<ffffffff8023e68a>] ? kthreadd+0x14c/0x171 [<ffffffff8023e68a>] ? kthreadd+0x14c/0x171 [<ffffffff8023e7cc>] ? kthread+0x0/0x74 [<ffffffff8020bffe>] ? child_rip+0x0/0x12 Code: Bad RIP value. RIP [<ffffffff8807b455>] RSP <ffff81007dcdde88> CR2: ffffffff8807b455 ---[ end trace c7366c6657fe5bed ]--- Note that this crash happened _after_ firewire-core was unloaded. The shared workqueue tried to run firewire-core's device initialization jobs or similar jobs. The fix makes sure that firewire-ohci and hence firewire-core is not unloaded before all device shutdown jobs have been completed. This is determined by the count of device initializations minus device releases. Also skip useless retries in the node initialization job if the node is to be shut down. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Jarod Wilson <jwilson@redhat.com>
-rw-r--r--drivers/firewire/fw-card.c10
-rw-r--r--drivers/firewire/fw-device.c21
-rw-r--r--drivers/firewire/fw-device.h16
-rw-r--r--drivers/firewire/fw-sbp2.c4
-rw-r--r--drivers/firewire/fw-transaction.h2
5 files changed, 35 insertions, 18 deletions
diff --git a/drivers/firewire/fw-card.c b/drivers/firewire/fw-card.c
index e6395b298508..a03462750b95 100644
--- a/drivers/firewire/fw-card.c
+++ b/drivers/firewire/fw-card.c
@@ -18,6 +18,7 @@
18 18
19#include <linux/module.h> 19#include <linux/module.h>
20#include <linux/errno.h> 20#include <linux/errno.h>
21#include <linux/delay.h>
21#include <linux/device.h> 22#include <linux/device.h>
22#include <linux/mutex.h> 23#include <linux/mutex.h>
23#include <linux/crc-itu-t.h> 24#include <linux/crc-itu-t.h>
@@ -398,6 +399,7 @@ fw_card_initialize(struct fw_card *card, const struct fw_card_driver *driver,
398 static atomic_t index = ATOMIC_INIT(-1); 399 static atomic_t index = ATOMIC_INIT(-1);
399 400
400 kref_init(&card->kref); 401 kref_init(&card->kref);
402 atomic_set(&card->device_count, 0);
401 card->index = atomic_inc_return(&index); 403 card->index = atomic_inc_return(&index);
402 card->driver = driver; 404 card->driver = driver;
403 card->device = device; 405 card->device = device;
@@ -528,8 +530,14 @@ fw_core_remove_card(struct fw_card *card)
528 card->driver = &dummy_driver; 530 card->driver = &dummy_driver;
529 531
530 fw_destroy_nodes(card); 532 fw_destroy_nodes(card);
531 flush_scheduled_work(); 533 /*
534 * Wait for all device workqueue jobs to finish. Otherwise the
535 * firewire-core module could be unloaded before the jobs ran.
536 */
537 while (atomic_read(&card->device_count) > 0)
538 msleep(100);
532 539
540 cancel_delayed_work_sync(&card->work);
533 fw_flush_transactions(card); 541 fw_flush_transactions(card);
534 del_timer_sync(&card->flush_timer); 542 del_timer_sync(&card->flush_timer);
535 543
diff --git a/drivers/firewire/fw-device.c b/drivers/firewire/fw-device.c
index 2ab13e0f3469..870125a3638e 100644
--- a/drivers/firewire/fw-device.c
+++ b/drivers/firewire/fw-device.c
@@ -150,21 +150,10 @@ struct bus_type fw_bus_type = {
150}; 150};
151EXPORT_SYMBOL(fw_bus_type); 151EXPORT_SYMBOL(fw_bus_type);
152 152
153struct fw_device *fw_device_get(struct fw_device *device)
154{
155 get_device(&device->device);
156
157 return device;
158}
159
160void fw_device_put(struct fw_device *device)
161{
162 put_device(&device->device);
163}
164
165static void fw_device_release(struct device *dev) 153static void fw_device_release(struct device *dev)
166{ 154{
167 struct fw_device *device = fw_device(dev); 155 struct fw_device *device = fw_device(dev);
156 struct fw_card *card = device->card;
168 unsigned long flags; 157 unsigned long flags;
169 158
170 /* 159 /*
@@ -176,9 +165,9 @@ static void fw_device_release(struct device *dev)
176 spin_unlock_irqrestore(&device->card->lock, flags); 165 spin_unlock_irqrestore(&device->card->lock, flags);
177 166
178 fw_node_put(device->node); 167 fw_node_put(device->node);
179 fw_card_put(device->card);
180 kfree(device->config_rom); 168 kfree(device->config_rom);
181 kfree(device); 169 kfree(device);
170 atomic_dec(&card->device_count);
182} 171}
183 172
184int fw_device_enable_phys_dma(struct fw_device *device) 173int fw_device_enable_phys_dma(struct fw_device *device)
@@ -668,7 +657,8 @@ static void fw_device_init(struct work_struct *work)
668 */ 657 */
669 658
670 if (read_bus_info_block(device, device->generation) < 0) { 659 if (read_bus_info_block(device, device->generation) < 0) {
671 if (device->config_rom_retries < MAX_RETRIES) { 660 if (device->config_rom_retries < MAX_RETRIES &&
661 atomic_read(&device->state) == FW_DEVICE_INITIALIZING) {
672 device->config_rom_retries++; 662 device->config_rom_retries++;
673 schedule_delayed_work(&device->work, RETRY_DELAY); 663 schedule_delayed_work(&device->work, RETRY_DELAY);
674 } else { 664 } else {
@@ -805,7 +795,8 @@ void fw_node_event(struct fw_card *card, struct fw_node *node, int event)
805 */ 795 */
806 device_initialize(&device->device); 796 device_initialize(&device->device);
807 atomic_set(&device->state, FW_DEVICE_INITIALIZING); 797 atomic_set(&device->state, FW_DEVICE_INITIALIZING);
808 device->card = fw_card_get(card); 798 atomic_inc(&card->device_count);
799 device->card = card;
809 device->node = fw_node_get(node); 800 device->node = fw_node_get(node);
810 device->node_id = node->node_id; 801 device->node_id = node->node_id;
811 device->generation = card->generation; 802 device->generation = card->generation;
diff --git a/drivers/firewire/fw-device.h b/drivers/firewire/fw-device.h
index 43808c02793e..78ecd3991b7f 100644
--- a/drivers/firewire/fw-device.h
+++ b/drivers/firewire/fw-device.h
@@ -76,9 +76,21 @@ fw_device_is_shutdown(struct fw_device *device)
76 return atomic_read(&device->state) == FW_DEVICE_SHUTDOWN; 76 return atomic_read(&device->state) == FW_DEVICE_SHUTDOWN;
77} 77}
78 78
79struct fw_device *fw_device_get(struct fw_device *device); 79static inline struct fw_device *
80fw_device_get(struct fw_device *device)
81{
82 get_device(&device->device);
83
84 return device;
85}
86
87static inline void
88fw_device_put(struct fw_device *device)
89{
90 put_device(&device->device);
91}
92
80struct fw_device *fw_device_get_by_devt(dev_t devt); 93struct fw_device *fw_device_get_by_devt(dev_t devt);
81void fw_device_put(struct fw_device *device);
82int fw_device_enable_phys_dma(struct fw_device *device); 94int fw_device_enable_phys_dma(struct fw_device *device);
83 95
84void fw_device_cdev_update(struct fw_device *device); 96void fw_device_cdev_update(struct fw_device *device);
diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c
index a093ac329db7..03069a454c07 100644
--- a/drivers/firewire/fw-sbp2.c
+++ b/drivers/firewire/fw-sbp2.c
@@ -769,6 +769,7 @@ static void sbp2_release_target(struct kref *kref)
769 struct Scsi_Host *shost = 769 struct Scsi_Host *shost =
770 container_of((void *)tgt, struct Scsi_Host, hostdata[0]); 770 container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
771 struct scsi_device *sdev; 771 struct scsi_device *sdev;
772 struct fw_device *device = fw_device(tgt->unit->device.parent);
772 773
773 /* prevent deadlocks */ 774 /* prevent deadlocks */
774 sbp2_unblock(tgt); 775 sbp2_unblock(tgt);
@@ -791,6 +792,7 @@ static void sbp2_release_target(struct kref *kref)
791 792
792 put_device(&tgt->unit->device); 793 put_device(&tgt->unit->device);
793 scsi_host_put(shost); 794 scsi_host_put(shost);
795 fw_device_put(device);
794} 796}
795 797
796static struct workqueue_struct *sbp2_wq; 798static struct workqueue_struct *sbp2_wq;
@@ -1088,6 +1090,8 @@ static int sbp2_probe(struct device *dev)
1088 if (scsi_add_host(shost, &unit->device) < 0) 1090 if (scsi_add_host(shost, &unit->device) < 0)
1089 goto fail_shost_put; 1091 goto fail_shost_put;
1090 1092
1093 fw_device_get(device);
1094
1091 /* Initialize to values that won't match anything in our table. */ 1095 /* Initialize to values that won't match anything in our table. */
1092 firmware_revision = 0xff000000; 1096 firmware_revision = 0xff000000;
1093 model = 0xff000000; 1097 model = 0xff000000;
diff --git a/drivers/firewire/fw-transaction.h b/drivers/firewire/fw-transaction.h
index fa7967b57408..09cb72870454 100644
--- a/drivers/firewire/fw-transaction.h
+++ b/drivers/firewire/fw-transaction.h
@@ -26,6 +26,7 @@
26#include <linux/fs.h> 26#include <linux/fs.h>
27#include <linux/dma-mapping.h> 27#include <linux/dma-mapping.h>
28#include <linux/firewire-constants.h> 28#include <linux/firewire-constants.h>
29#include <asm/atomic.h>
29 30
30#define TCODE_IS_READ_REQUEST(tcode) (((tcode) & ~1) == 4) 31#define TCODE_IS_READ_REQUEST(tcode) (((tcode) & ~1) == 4)
31#define TCODE_IS_BLOCK_PACKET(tcode) (((tcode) & 1) != 0) 32#define TCODE_IS_BLOCK_PACKET(tcode) (((tcode) & 1) != 0)
@@ -219,6 +220,7 @@ extern struct bus_type fw_bus_type;
219struct fw_card { 220struct fw_card {
220 const struct fw_card_driver *driver; 221 const struct fw_card_driver *driver;
221 struct device *device; 222 struct device *device;
223 atomic_t device_count;
222 struct kref kref; 224 struct kref kref;
223 225
224 int node_id; 226 int node_id;