1. 02 Oct, 2011 2 commits
    • Mark Salyzyn's avatar
      [SCSI] libsas: fix panic when single phy is disabled on a wide port · a73914c3
      Mark Salyzyn authored
      When a wide port is being utilized to a target, if one disables only one
      of the
      phys, we get an OS crash:
      
      BUG: unable to handle kernel NULL pointer dereference at
      0000000000000238
      IP: [<ffffffff814ca9b1>] mutex_lock+0x21/0x50
      PGD 4103f5067 PUD 41dba9067 PMD 0
      Oops: 0002 [#1] SMP
      last sysfs file: /sys/bus/pci/slots/5/address
      CPU 0
      Modules linked in: pm8001(U) ses enclosure fuse nfsd exportfs autofs4
      ipmi_devintf ipmi_si ipmi_msghandler nfs lockd fscache nfs_acl
      auth_rpcgss 8021q fcoe libfcoe garp libfc scsi_transport_fc stp scsi_tgt
      llc sunrpc cpufreq_ondemand acpi_cpufreq freq_table ipv6 sr_mod cdrom
      dm_mirror dm_region_hash dm_log uinput sg i2c_i801 i2c_core iTCO_wdt
      iTCO_vendor_support e1000e mlx4_ib ib_mad ib_core mlx4_en mlx4_core ext3
      jbd mbcache sd_mod crc_t10dif usb_storage ata_generic pata_acpi ata_piix
      libsas(U) scsi_transport_sas dm_mod [last unloaded: pm8001]
      
      Modules linked in: pm8001(U) ses enclosure fuse nfsd exportfs autofs4
      ipmi_devintf ipmi_si ipmi_msghandler nfs lockd fscache nfs_acl
      auth_rpcgss 8021q fcoe libfcoe garp libfc scsi_transport_fc stp scsi_tgt
      llc sunrpc cpufreq_ondemand acpi_cpufreq freq_table ipv6 sr_mod cdrom
      dm_mirror dm_region_hash dm_log uinput sg i2c_i801 i2c_core iTCO_wdt
      iTCO_vendor_support e1000e mlx4_ib ib_mad ib_core mlx4_en mlx4_core ext3
      jbd mbcache sd_mod crc_t10dif usb_storage ata_generic pata_acpi ata_piix
      libsas(U) scsi_transport_sas dm_mod [last unloaded: pm8001]
      Pid: 5146, comm: scsi_wq_5 Not tainted
      2.6.32-71.29.1.el6.lustre.7.x86_64 #1 Storage Server
      RIP: 0010:[<ffffffff814ca9b1>]  [<ffffffff814ca9b1>]
      mutex_lock+0x21/0x50
      RSP: 0018:ffff8803e4e33d30  EFLAGS: 00010246
      RAX: 0000000000000000 RBX: 0000000000000238 RCX: 0000000000000000
      RDX: 0000000000000000 RSI: ffff8803e664c800 RDI: 0000000000000238
      RBP: ffff8803e4e33d40 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
      R13: 0000000000000238 R14: ffff88041acb7200 R15: ffff88041c51ada0
      FS:  0000000000000000(0000) GS:ffff880028200000(0000)
      knlGS:0000000000000000
      CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
      CR2: 0000000000000238 CR3: 0000000410143000 CR4: 00000000000006f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process scsi_wq_5 (pid: 5146, threadinfo ffff8803e4e32000, task
      ffff8803e4e294a0)
      Stack:
       ffff8803e664c800 0000000000000000 ffff8803e4e33d70 ffffffffa001f06e
      <0> ffff8803e4e33d60 ffff88041c51ada0 ffff88041acb7200 ffff88041bc0aa00
      <0> ffff8803e4e33d90 ffffffffa0032b6c 0000000000000014 ffff88041acb7200
      Call Trace:
       [<ffffffffa001f06e>] sas_port_delete_phy+0x2e/0xa0 [scsi_transport_sas]
       [<ffffffffa0032b6c>] sas_unregister_devs_sas_addr+0xac/0xe0 [libsas]
       [<ffffffffa0034914>] sas_ex_revalidate_domain+0x204/0x330 [libsas]
       [<ffffffffa00307f0>] ? sas_revalidate_domain+0x0/0x90 [libsas]
       [<ffffffffa0030855>] sas_revalidate_domain+0x65/0x90 [libsas]
       [<ffffffff8108c7d0>] worker_thread+0x170/0x2a0
       [<ffffffff81091ea0>] ? autoremove_wake_function+0x0/0x40
       [<ffffffff8108c660>] ? worker_thread+0x0/0x2a0
       [<ffffffff81091b36>] kthread+0x96/0xa0
       [<ffffffff810141ca>] child_rip+0xa/0x20
       [<ffffffff81091aa0>] ? kthread+0x0/0xa0
       [<ffffffff810141c0>] ? child_rip+0x0/0x20
      Code: ff ff 85 c0 75 ed eb d6 66 90 55 48 89 e5 48 83 ec 10 48 89 1c 24
      4c 89 64 24 08 0f 1f 44 00 00 48 89 fb e8 92 f4 ff ff 48 89 df <f0> ff
      0f 79 05 e8 25 00 00 00 65 48 8b 04 25 08 cc 00 00 48 2d
      RIP  [<ffffffff814ca9b1>] mutex_lock+0x21/0x50
       RSP <ffff8803e4e33d30>
      CR2: 0000000000000238
      
      The following patch is admittedly a band-aid, and does not solve the
      root cause, but it still is a good candidate for hardening as a pointer
      check before reference.
      Signed-off-by: default avatarMark Salyzyn <mark_salyzyn@us.xyratex.com>
      Tested-by: default avatarJack Wang <jack_wang@usish.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
      a73914c3
    • Roland Dreier's avatar
      [SCSI] qla2xxx: Fix crash in qla2x00_abort_all_cmds() on unload · 9bfacd01
      Roland Dreier authored
      I hit a crash in qla2x00_abort_all_cmds() if the qla2xxx module is
      unloaded right after it is loaded.  I debugged this down to the abort
      handling improperly treating a command of type SRB_ADISC_CMD as if it
      had a bsg_job to complete when that command actually uses the iocb_cmd
      part of the union.  (I guess to hit this one has to unload the module
      while the async FC initialization is still in progress)
      
      It seems we should only look for a bsg_job if type is SRB_ELS_CMD_RPT,
      SRB_ELS_CMD_HST or SRB_CT_CMD, so switch the test to make that explicit.
      Signed-off-by: default avatarRoland Dreier <roland@purestorage.com>
      Acked-by: default avatarChad Dupuis <chad.dupuis@qlogic.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
      9bfacd01
  2. 01 Oct, 2011 1 commit
  3. 30 Sep, 2011 9 commits
    • Peter Zijlstra's avatar
      posix-cpu-timers: Cure SMP wobbles · d670ec13
      Peter Zijlstra authored
      David reported:
      
        Attached below is a watered-down version of rt/tst-cpuclock2.c from
        GLIBC.  Just build it with "gcc -o test test.c -lpthread -lrt" or
        similar.
      
        Run it several times, and you will see cases where the main thread
        will measure a process clock difference before and after the nanosleep
        which is smaller than the cpu-burner thread's individual thread clock
        difference.  This doesn't make any sense since the cpu-burner thread
        is part of the top-level process's thread group.
      
        I've reproduced this on both x86-64 and sparc64 (using both 32-bit and
        64-bit binaries).
      
        For example:
      
        [davem@boricha build-x86_64-linux]$ ./test
        process: before(0.001221967) after(0.498624371) diff(497402404)
        thread:  before(0.000081692) after(0.498316431) diff(498234739)
        self:    before(0.001223521) after(0.001240219) diff(16698)
        [davem@boricha build-x86_64-linux]$ 
      
        The diff of 'process' should always be >= the diff of 'thread'.
      
        I make sure to wrap the 'thread' clock measurements the most tightly
        around the nanosleep() call, and that the 'process' clock measurements
        are the outer-most ones.
      
        ---
        #include <unistd.h>
        #include <stdio.h>
        #include <stdlib.h>
        #include <time.h>
        #include <fcntl.h>
        #include <string.h>
        #include <errno.h>
        #include <pthread.h>
      
        static pthread_barrier_t barrier;
      
        static void *chew_cpu(void *arg)
        {
      	  pthread_barrier_wait(&barrier);
      	  while (1)
      		  __asm__ __volatile__("" : : : "memory");
      	  return NULL;
        }
      
        int main(void)
        {
      	  clockid_t process_clock, my_thread_clock, th_clock;
      	  struct timespec process_before, process_after;
      	  struct timespec me_before, me_after;
      	  struct timespec th_before, th_after;
      	  struct timespec sleeptime;
      	  unsigned long diff;
      	  pthread_t th;
      	  int err;
      
      	  err = clock_getcpuclockid(0, &process_clock);
      	  if (err)
      		  return 1;
      
      	  err = pthread_getcpuclockid(pthread_self(), &my_thread_clock);
      	  if (err)
      		  return 1;
      
      	  pthread_barrier_init(&barrier, NULL, 2);
      	  err = pthread_create(&th, NULL, chew_cpu, NULL);
      	  if (err)
      		  return 1;
      
      	  err = pthread_getcpuclockid(th, &th_clock);
      	  if (err)
      		  return 1;
      
      	  pthread_barrier_wait(&barrier);
      
      	  err = clock_gettime(process_clock, &process_before);
      	  if (err)
      		  return 1;
      
      	  err = clock_gettime(my_thread_clock, &me_before);
      	  if (err)
      		  return 1;
      
      	  err = clock_gettime(th_clock, &th_before);
      	  if (err)
      		  return 1;
      
      	  sleeptime.tv_sec = 0;
      	  sleeptime.tv_nsec = 500000000;
      	  nanosleep(&sleeptime, NULL);
      
      	  err = clock_gettime(th_clock, &th_after);
      	  if (err)
      		  return 1;
      
      	  err = clock_gettime(my_thread_clock, &me_after);
      	  if (err)
      		  return 1;
      
      	  err = clock_gettime(process_clock, &process_after);
      	  if (err)
      		  return 1;
      
      	  diff = process_after.tv_nsec - process_before.tv_nsec;
      	  printf("process: before(%lu.%.9lu) after(%lu.%.9lu) diff(%lu)\n",
      		 process_before.tv_sec, process_before.tv_nsec,
      		 process_after.tv_sec, process_after.tv_nsec, diff);
      	  diff = th_after.tv_nsec - th_before.tv_nsec;
      	  printf("thread:  before(%lu.%.9lu) after(%lu.%.9lu) diff(%lu)\n",
      		 th_before.tv_sec, th_before.tv_nsec,
      		 th_after.tv_sec, th_after.tv_nsec, diff);
      	  diff = me_after.tv_nsec - me_before.tv_nsec;
      	  printf("self:    before(%lu.%.9lu) after(%lu.%.9lu) diff(%lu)\n",
      		 me_before.tv_sec, me_before.tv_nsec,
      		 me_after.tv_sec, me_after.tv_nsec, diff);
      
      	  return 0;
        }
      
      This is due to us using p->se.sum_exec_runtime in
      thread_group_cputime() where we iterate the thread group and sum all
      data. This does not take time since the last schedule operation (tick
      or otherwise) into account. We can cure this by using
      task_sched_runtime() at the cost of having to take locks.
      
      This also means we can (and must) do away with
      thread_group_sched_runtime() since the modified thread_group_cputime()
      is now more accurate and would deadlock when called from
      thread_group_sched_runtime().
      
      Aside of that it makes the function safe on 32 bit systems. The old
      code added t->se.sum_exec_runtime unprotected. sum_exec_runtime is a
      64bit value and could be changed on another cpu at the same time.
      Reported-by: default avatarDavid Miller <davem@davemloft.net>
      Signed-off-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: stable@kernel.org
      Link: http://lkml.kernel.org/r/1314874459.7945.22.camel@twinsTested-by: default avatarDavid Miller <davem@davemloft.net>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      d670ec13
    • Ram Pai's avatar
      Resource: fix wrong resource window calculation · 47ea91b4
      Ram Pai authored
      __find_resource() incorrectly returns a resource window which overlaps
      an existing allocated window.  This happens when the parent's
      resource-window spans 0x00000000 to 0xffffffff and is entirely allocated
      to all its children resource-windows.
      
      __find_resource() looks for gaps in resource allocation among the
      children resource windows.  When it encounters the last child window it
      blindly tries the range next to one allocated to the last child.  Since
      the last child's window ends at 0xffffffff the calculation overflows,
      leading the algorithm to believe that any window in the range 0x0000000
      to 0xfffffff is available for allocation.  This leads to a conflicting
      window allocation.
      
      Michal Ludvig reported this issue seen on his platform.  The following
      patch fixes the problem and has been verified by Michal.  I believe this
      bug has been there for ages.  It got exposed by git commit 2bbc6942
      ("PCI : ability to relocate assigned pci-resources")
      Signed-off-by: default avatarRam Pai <linuxram@us.ibm.com>
      Tested-by: default avatarMichal Ludvig <mludvig@logix.net.nz>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      47ea91b4
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://github.com/NewDreamNetwork/ceph-client · 92bb062f
      Linus Torvalds authored
      * 'for-linus' of git://github.com/NewDreamNetwork/ceph-client:
        libceph: fix pg_temp mapping update
        libceph: fix pg_temp mapping calculation
        libceph: fix linger request requeuing
        libceph: fix parse options memory leak
        libceph: initialize ack_stamp to avoid unnecessary connection reset
      92bb062f
    • Linus Torvalds's avatar
      Merge branch 'v4l_for_linus' of git://linuxtv.org/mchehab/for_linus · 7409b713
      Linus Torvalds authored
      * 'v4l_for_linus' of git://linuxtv.org/mchehab/for_linus:
        [media] omap3isp: Fix build error in ispccdc.c
        [media] uvcvideo: Fix crash when linking entities
        [media] v4l: Make sure we hold a reference to the v4l2_device before using it
        [media] v4l: Fix use-after-free case in v4l2_device_release
        [media] uvcvideo: Set alternate setting 0 on resume if the bus has been reset
        [media] OMAP_VOUT: Fix build break caused by update_mode removal in DSS2
      7409b713
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6 · 0ecdb12a
      Linus Torvalds authored
      * 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
        [S390] cio: fix cio_tpi ignoring adapter interrupts
        [S390] gmap: always up mmap_sem properly
        [S390] Do not clobber personality flags on exec
      0ecdb12a
    • Linus Torvalds's avatar
      Merge git://github.com/davem330/sparc · 5fe858b5
      Linus Torvalds authored
      * git://github.com/davem330/sparc:
        sparc64: Force the execute bit in OpenFirmware's translation entries.
        sparc: Make '-p' boot option meaningful again.
        sparc, exec: remove redundant addr_limit assignment
        sparc64: Future proof Niagara cpu detection.
      5fe858b5
    • Linus Torvalds's avatar
      Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~keithp/linux · 8e8e500f
      Linus Torvalds authored
      * 'drm-intel-fixes' of git://people.freedesktop.org/~keithp/linux:
        drm/i915: FBC off for ironlake and older, otherwise on by default
        drm/i915: Enable SDVO hotplug interrupts for HDMI and DVI
        drm/i915: Enable dither whenever display bpc < frame buffer bpc
      8e8e500f
    • Benjamin Herrenschmidt's avatar
      powerpc: Fix device-tree matching for Apple U4 bridge · 16fa42af
      Benjamin Herrenschmidt authored
      Apple Quad G5 has some oddity in it's device-tree which causes the new
      generic matching code to fail to relate nodes for PCI-E devices below U4
      with their respective struct pci_dev.  This breaks graphics on those
      machines among others.
      
      This fixes it using a quirk which copies the node pointer from the host
      bridge for the root complex, which makes the generic code work for the
      children afterward.
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      16fa42af
    • wangyanqing's avatar
      bootup: move 'usermodehelper_enable()' a little earlier · b0f84374
      wangyanqing authored
      Commit d5767c53 ("bootup: move 'usermodehelper_enable()' to the end
      of do_basic_setup()") moved 'usermodehelper_enable()' to end of
      do_basic_setup() to after the initcalls.  But then I get failed to let
      uvesafb work on my computer, and lose the splash boot.
      
      So maybe we could start usermodehelper_enable a little early to make
      some task work that need eary init with the help of user mode.
      
      [ I would *really* prefer that initcalls not call into user space - even
        the real 'init' hasn't been execve'd yet, after all! But for uvesafb
        it really does look like we don't have much choice.
      
        I considered doing this when we mount the root filesystem, but
        depending on config options that is in multiple places.  We could do
        the usermode helper enable as a rootfs_initcall()..
      
        So I'm just using wang yanqing's trivial patch.  It's not wonderful,
        but it's simple and should work.  We should revisit this some day,
        though.      - Linus ]
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b0f84374
  4. 29 Sep, 2011 1 commit
    • David S. Miller's avatar
      sparc64: Force the execute bit in OpenFirmware's translation entries. · f4142cba
      David S. Miller authored
      In the OF 'translations' property, the template TTEs in the mappings
      never specify the executable bit.  This is the case even though some
      of these mappings are for OF's code segment.
      
      Therefore, we need to force the execute bit on in every mapping.
      
      This problem can only really trigger on Niagara/sun4v machines and the
      history behind this is a little complicated.
      
      Previous to sun4v, the sun4u TTE entries lacked a hardware execute
      permission bit.  So OF didn't have to ever worry about setting
      anything to handle executable pages.  Any valid TTE loaded into the
      I-TLB would be respected by the chip.
      
      But sun4v Niagara chips have a real hardware enforced executable bit
      in their TTEs.  So it has to be set or else the I-TLB throws an
      instruction access exception with type code 6 (protection violation).
      
      We've been extremely fortunate to not get bitten by this in the past.
      
      The best I can tell is that the OF's mappings for it's executable code
      were mapped using permanent locked mappings on sun4v in the past.
      Therefore, the fact that we didn't have the exec bit set in the OF
      translations we would use did not matter in practice.
      
      Thanks to Greg Onufer for helping me track this down.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4142cba
  5. 28 Sep, 2011 9 commits
    • Linus Torvalds's avatar
      bootup: move 'usermodehelper_enable()' to the end of do_basic_setup() · d5767c53
      Linus Torvalds authored
      Doing it just before starting to call into cpu_idle() made a sick kind
      of sense only because the original bug we fixed (see commit
      288d5abe: "Boot up with usermodehelper disabled") was about problems
      with some scheduler data structures not being initialized, and they had
      better be initialized at that point.
      
      But it really didn't make any other conceptual sense, and doing it after
      the initial "schedule()" call for the idle thread actually opened up a
      race: what if the main initialization thread did everything without
      needing to sleep, and got all the way into user land too? Without
      actually having scheduled back to the idle thread?
      
      Now, in normal circumstances that doesn't ever happen, but it looks like
      Richard Cochran triggered exactly that on his ARM IXP4xx machines:
      
        "I have some ARM IXP4xx based machines that use the two on chip MAC
         ports (aka NPEs).  The NPE needs a firmware in order to function.
         Ever since the following commit [that 288d5abe one], it is no
         longer possible to bring up the interfaces during the init scripts."
      
      with a call trace showing an ioctl coming from user space. Richard says:
      
        "The init is busybox, and the startup script does mount, syslogd, and
         then ifup, so that all can go by quickly."
      
      The fix is to move the usermodehelper_enable() into the main 'init'
      thread, and just put it after we've done all our initcalls.  By then,
      everything really should be up, but we've obviously not actually started
      the user-mode portion of init yet.
      Reported-and-tested-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d5767c53
    • Sage Weil's avatar
      libceph: fix pg_temp mapping update · 8adc8b3d
      Sage Weil authored
      The incremental map updates have a record for each pg_temp mapping that is
      to be add/updated (len > 0) or removed (len == 0).  The old code was
      written as if the updates were a complete enumeration; that was just wrong.
      Update the code to remove 0-length entries and drop the rbtree traversal.
      
      This avoids misdirected (and hung) requests that manifest as server
      errors like
      
      [WRN] client4104 10.0.1.219:0/275025290 misdirected client4104.1:129 0.1 to osd0 not [1,0] in e11/11
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      8adc8b3d
    • Sage Weil's avatar
      libceph: fix pg_temp mapping calculation · 782e182e
      Sage Weil authored
      We need to apply the modulo pg_num calculation before looking up a pgid in
      the pg_temp mapping rbtree.  This fixes pg_temp mappings, and fixes
      (some) misdirected requests that result in messages like
      
      [WRN] client4104 10.0.1.219:0/275025290 misdirected client4104.1:129 0.1 to osd0 not [1,0] in e11/11
      
      on the server and stall make the client block without getting a reply (at
      least until the pg_temp mapping goes way, but that can take a long long
      time).
      
      Reorder calc_pg_raw() a bit to make more sense.
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      782e182e
    • Linus Torvalds's avatar
      Merge git://github.com/davem330/net · 2ef7b45a
      Linus Torvalds authored
      * git://github.com/davem330/net:
        ipv6-multicast: Fix memory leak in IPv6 multicast.
        ipv6: check return value for dst_alloc
        net: check return value for dst_alloc
        ipv6-multicast: Fix memory leak in input path.
        bnx2x: add missing break in bnx2x_dcbnl_get_cap
        bnx2x: fix WOL by enablement PME in config space
        bnx2x: fix hw attention handling
        net: fix a typo in Documentation/networking/scaling.txt
        ath9k: Fix a dma warning/memory leak
        rtlwifi: rtl8192cu: Fix unitialized struct
        iwlagn: fix dangling scan request
        batman-adv: do_bcast has to be true for broadcast packets only
        cfg80211: Fix validation of AKM suites
        iwlegacy: do not use interruptible waits
        iwlegacy: fix command queue timeout
        ath9k_hw: Fix Rx DMA stuck for AR9003 chips
      2ef7b45a
    • Linus Torvalds's avatar
      Merge git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6 · 07117e30
      Linus Torvalds authored
      * git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6:
        [SCSI] 3w-9xxx: fix iommu_iova leak
        [SCSI] cxgb3i: convert cdev->l2opt to use rcu to prevent NULL dereference
        [SCSI] scsi: qla4xxx needs libiscsi.o
        [SCSI] libsas: fix failure to revalidate domain for anything but the first expander child.
        [SCSI] aacraid: reset should disable MSI interrupt
      07117e30
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · c54a06d4
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.dk/linux-block:
        block: Free queue resources at blk_release_queue()
      c54a06d4
    • Linus Torvalds's avatar
      Merge branch 'writeback-for-linus' of git://github.com/fengguang/linux · e689ec80
      Linus Torvalds authored
      * 'writeback-for-linus' of git://github.com/fengguang/linux:
        writeback: show raw dirtied_when in trace writeback_single_inode
      e689ec80
    • Hannes Reinecke's avatar
      block: Free queue resources at blk_release_queue() · 777eb1bf
      Hannes Reinecke authored
      A kernel crash is observed when a mounted ext3/ext4 filesystem is
      physically removed. The problem is that blk_cleanup_queue() frees up
      some resources eg by calling elevator_exit(), which are not checked for
      in normal operation. So we should rather move these calls to the
      destructor function blk_release_queue() as at that point all remaining
      references are gone. However, in doing so we have to ensure that any
      externally supplied queue_lock is disconnected as the driver might free
      up the lock after the call of blk_cleanup_queue(),
      Signed-off-by: default avatarHannes Reinecke <hare@suse.de>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      777eb1bf
    • David S. Miller's avatar
  6. 27 Sep, 2011 18 commits