2009-06-07 09:21:14

by Borislav Petkov

[permalink] [raw]
Subject: [PATCH] ide-tape: fix proc warning

Hi,

this is yet another ide-tape fix against ide-2.6.git/for-next.

--
From: Borislav Petkov <[email protected]>
Date: Sun, 7 Jun 2009 11:05:53 +0200
Subject: [PATCH] ide-tape: fix proc warning

When accessing ide-tape over the chrdev interface, I get

[ 278.147906] ------------[ cut here ]------------
[ 278.152685] WARNING: at fs/proc/generic.c:847 remove_proc_entry+0x199/0x1b8()
[ 278.160070] Hardware name: P4I45PE 1.00
[ 278.160076] remove_proc_entry: removing non-empty directory 'ide0/hdb', leaking at least 'name'
[ 278.160080] Modules linked in: rtc intel_agp pcspkr thermal processor thermal_sys parport_pc parport agpgart button
[ 278.160100] Pid: 2312, comm: mt Not tainted 2.6.30-rc2 #3
[ 278.160105] Call Trace:
[ 278.160117] [<c012141d>] warn_slowpath+0x71/0xa0
[ 278.160126] [<c035f219>] ? _spin_unlock_irqrestore+0x29/0x2c
[ 278.160132] [<c011c686>] ? try_to_wake_up+0x1b6/0x1c0
[ 278.160141] [<c011c69b>] ? default_wake_function+0xb/0xd
[ 278.160149] [<c0177ead>] ? pollwake+0x4a/0x55
[ 278.160156] [<c035f240>] ? _spin_unlock+0x24/0x26
[ 278.160163] [<c0165d38>] ? add_partial+0x44/0x49
[ 278.160169] [<c01669e8>] ? __slab_free+0xba/0x29c
[ 278.160177] [<c01a13d8>] ? sysfs_delete_inode+0x0/0x3c
[ 278.160184] [<c019ca92>] remove_proc_entry+0x199/0x1b8
[ 278.160191] [<c01a297e>] ? remove_dir+0x27/0x2e
[ 278.160199] [<c025f3ab>] ide_proc_unregister_device+0x40/0x4c
[ 278.160207] [<c02599cd>] drive_release_dev+0x14/0x47
[ 278.160214] [<c0250538>] device_release+0x35/0x5a
[ 278.160221] [<c01f8bed>] kobject_release+0x40/0x50
[ 278.160226] [<c01f8bad>] ? kobject_release+0x0/0x50
[ 278.160232] [<c01f96ac>] kref_put+0x3c/0x4a
[ 278.160238] [<c01f8b29>] kobject_put+0x37/0x3c
[ 278.160243] [<c025020c>] put_device+0xf/0x11
[ 278.160249] [<c025789f>] ide_device_put+0x2d/0x30
[ 278.160255] [<c02658da>] ide_tape_put+0x24/0x32
[ 278.160261] [<c0266e0c>] idetape_chrdev_release+0x17f/0x18e
[ 278.160269] [<c016c4f5>] __fput+0xca/0x175
[ 278.160275] [<c016c5b9>] fput+0x19/0x1b
[ 278.160280] [<c0169d19>] filp_close+0x51/0x5b
[ 278.160286] [<c0169d96>] sys_close+0x73/0xad
[ 278.160293] [<c0102a61>] syscall_call+0x7/0xb
[ 278.160298] ---[ end trace f16d907ea1f89336 ]---

because it tries to free its proc entry in drive_release_dev()
in the call chain resulting from ide_tape_put() but it chokes on
/proc/ide/ide[01]/hd?/name which is added during driver registration and
should go only at driver removal time.

Add/remove those proc entries everytime the device is accessed.

Signed-off-by: Borislav Petkov <[email protected]>
---
drivers/ide/ide-tape.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
index 055f52e..9d9d771 100644
--- a/drivers/ide/ide-tape.c
+++ b/drivers/ide/ide-tape.c
@@ -252,6 +252,7 @@ static struct ide_tape_obj *ide_tape_get(struct gendisk *disk)
else
get_device(&tape->dev);
}
+ ide_proc_register_driver(tape->drive, tape->driver);
mutex_unlock(&idetape_ref_mutex);
return tape;
}
@@ -261,6 +262,7 @@ static void ide_tape_put(struct ide_tape_obj *tape)
ide_drive_t *drive = tape->drive;

mutex_lock(&idetape_ref_mutex);
+ ide_proc_unregister_driver(drive, tape->driver);
put_device(&tape->dev);
ide_device_put(drive);
mutex_unlock(&idetape_ref_mutex);
--
1.6.3.1


--
Regards/Gruss,
Boris.


Subject: Re: [PATCH] ide-tape: fix proc warning

On Sunday 07 June 2009 11:20:54 Borislav Petkov wrote:
> Hi,
>
> this is yet another ide-tape fix against ide-2.6.git/for-next.
>
> --
> From: Borislav Petkov <[email protected]>
> Date: Sun, 7 Jun 2009 11:05:53 +0200
> Subject: [PATCH] ide-tape: fix proc warning
>
> When accessing ide-tape over the chrdev interface, I get
>
> [ 278.147906] ------------[ cut here ]------------
> [ 278.152685] WARNING: at fs/proc/generic.c:847 remove_proc_entry+0x199/0x1b8()
> [ 278.160070] Hardware name: P4I45PE 1.00
> [ 278.160076] remove_proc_entry: removing non-empty directory 'ide0/hdb', leaking at least 'name'
> [ 278.160080] Modules linked in: rtc intel_agp pcspkr thermal processor thermal_sys parport_pc parport agpgart button
> [ 278.160100] Pid: 2312, comm: mt Not tainted 2.6.30-rc2 #3
> [ 278.160105] Call Trace:
> [ 278.160117] [<c012141d>] warn_slowpath+0x71/0xa0
> [ 278.160126] [<c035f219>] ? _spin_unlock_irqrestore+0x29/0x2c
> [ 278.160132] [<c011c686>] ? try_to_wake_up+0x1b6/0x1c0
> [ 278.160141] [<c011c69b>] ? default_wake_function+0xb/0xd
> [ 278.160149] [<c0177ead>] ? pollwake+0x4a/0x55
> [ 278.160156] [<c035f240>] ? _spin_unlock+0x24/0x26
> [ 278.160163] [<c0165d38>] ? add_partial+0x44/0x49
> [ 278.160169] [<c01669e8>] ? __slab_free+0xba/0x29c
> [ 278.160177] [<c01a13d8>] ? sysfs_delete_inode+0x0/0x3c
> [ 278.160184] [<c019ca92>] remove_proc_entry+0x199/0x1b8
> [ 278.160191] [<c01a297e>] ? remove_dir+0x27/0x2e
> [ 278.160199] [<c025f3ab>] ide_proc_unregister_device+0x40/0x4c
> [ 278.160207] [<c02599cd>] drive_release_dev+0x14/0x47
> [ 278.160214] [<c0250538>] device_release+0x35/0x5a
> [ 278.160221] [<c01f8bed>] kobject_release+0x40/0x50
> [ 278.160226] [<c01f8bad>] ? kobject_release+0x0/0x50
> [ 278.160232] [<c01f96ac>] kref_put+0x3c/0x4a
> [ 278.160238] [<c01f8b29>] kobject_put+0x37/0x3c
> [ 278.160243] [<c025020c>] put_device+0xf/0x11
> [ 278.160249] [<c025789f>] ide_device_put+0x2d/0x30
> [ 278.160255] [<c02658da>] ide_tape_put+0x24/0x32
> [ 278.160261] [<c0266e0c>] idetape_chrdev_release+0x17f/0x18e
> [ 278.160269] [<c016c4f5>] __fput+0xca/0x175
> [ 278.160275] [<c016c5b9>] fput+0x19/0x1b
> [ 278.160280] [<c0169d19>] filp_close+0x51/0x5b
> [ 278.160286] [<c0169d96>] sys_close+0x73/0xad
> [ 278.160293] [<c0102a61>] syscall_call+0x7/0xb
> [ 278.160298] ---[ end trace f16d907ea1f89336 ]---
>
> because it tries to free its proc entry in drive_release_dev()
> in the call chain resulting from ide_tape_put() but it chokes on
> /proc/ide/ide[01]/hd?/name which is added during driver registration and
> should go only at driver removal time.
>
> Add/remove those proc entries everytime the device is accessed.

This looks more like broken ide-tape refcounting for chrdev interface
than mismatch of /proc entries registration time (especially since other
device drivers are not having the above problem)..

Please see ide_tape_chrdev_get() -- it misses ide_device_get() call
[present in ide_tape_get()] which can result in premature release of
IDE device during ide_tape_put() call.

2009-06-07 17:45:43

by Borislav Petkov

[permalink] [raw]
Subject: Re: [PATCH] ide-tape: fix proc warning

Hi,

On Sun, Jun 07, 2009 at 03:28:04PM +0200, Bartlomiej Zolnierkiewicz wrote:
> > because it tries to free its proc entry in drive_release_dev()
> > in the call chain resulting from ide_tape_put() but it chokes on
> > /proc/ide/ide[01]/hd?/name which is added during driver registration and
> > should go only at driver removal time.
> >
> > Add/remove those proc entries everytime the device is accessed.
>
> This looks more like broken ide-tape refcounting for chrdev interface
> than mismatch of /proc entries registration time (especially since other
> device drivers are not having the above problem)..

This sounds more like it, I was wondering why that
/proc/ide/ide[01]/hd?/name attribute was disappearing.

> Please see ide_tape_chrdev_get() -- it misses ide_device_get() call
> [present in ide_tape_get()] which can result in premature release of
> IDE device during ide_tape_put() call.

By the way, why are we using two devs for the reference counting:
drive->gendev over ide_device_get() and fall back to {tape,cd,idkp}->dev
in get_device(). Isn't one enough?

Anyways, here's the fixed version, tested with my Seagate STT8000A,
works fine.

--
From: Borislav Petkov <[email protected]>
Date: Sun, 7 Jun 2009 19:35:56 +0200
Subject: [PATCH] ide-tape: fix proc warning

ide_tape_chrdev_get() was missing an ide_device_get() refcount increment
which lead to the following warning:

[ 278.147906] ------------[ cut here ]------------
[ 278.152685] WARNING: at fs/proc/generic.c:847 remove_proc_entry+0x199/0x1b8()
[ 278.160070] Hardware name: P4I45PE 1.00
[ 278.160076] remove_proc_entry: removing non-empty directory 'ide0/hdb', leaking at least 'name'
[ 278.160080] Modules linked in: rtc intel_agp pcspkr thermal processor thermal_sys parport_pc parport agpgart button
[ 278.160100] Pid: 2312, comm: mt Not tainted 2.6.30-rc2 #3
[ 278.160105] Call Trace:
[ 278.160117] [<c012141d>] warn_slowpath+0x71/0xa0
[ 278.160126] [<c035f219>] ? _spin_unlock_irqrestore+0x29/0x2c
[ 278.160132] [<c011c686>] ? try_to_wake_up+0x1b6/0x1c0
[ 278.160141] [<c011c69b>] ? default_wake_function+0xb/0xd
[ 278.160149] [<c0177ead>] ? pollwake+0x4a/0x55
[ 278.160156] [<c035f240>] ? _spin_unlock+0x24/0x26
[ 278.160163] [<c0165d38>] ? add_partial+0x44/0x49
[ 278.160169] [<c01669e8>] ? __slab_free+0xba/0x29c
[ 278.160177] [<c01a13d8>] ? sysfs_delete_inode+0x0/0x3c
[ 278.160184] [<c019ca92>] remove_proc_entry+0x199/0x1b8
[ 278.160191] [<c01a297e>] ? remove_dir+0x27/0x2e
[ 278.160199] [<c025f3ab>] ide_proc_unregister_device+0x40/0x4c
[ 278.160207] [<c02599cd>] drive_release_dev+0x14/0x47
[ 278.160214] [<c0250538>] device_release+0x35/0x5a
[ 278.160221] [<c01f8bed>] kobject_release+0x40/0x50
[ 278.160226] [<c01f8bad>] ? kobject_release+0x0/0x50
[ 278.160232] [<c01f96ac>] kref_put+0x3c/0x4a
[ 278.160238] [<c01f8b29>] kobject_put+0x37/0x3c
[ 278.160243] [<c025020c>] put_device+0xf/0x11
[ 278.160249] [<c025789f>] ide_device_put+0x2d/0x30
[ 278.160255] [<c02658da>] ide_tape_put+0x24/0x32
[ 278.160261] [<c0266e0c>] idetape_chrdev_release+0x17f/0x18e
[ 278.160269] [<c016c4f5>] __fput+0xca/0x175
[ 278.160275] [<c016c5b9>] fput+0x19/0x1b
[ 278.160280] [<c0169d19>] filp_close+0x51/0x5b
[ 278.160286] [<c0169d96>] sys_close+0x73/0xad
[ 278.160293] [<c0102a61>] syscall_call+0x7/0xb
[ 278.160298] ---[ end trace f16d907ea1f89336 ]---

Instead of trivially fixing it by adding the missing call,
ide_tape_chrdev_get() and ide_tape_get() were merged into one function
since both were almost identical. The only difference was that
ide_tape_chrdev_get() was accessing the ide-tape reference through the
idetape_devs[] array of minors instead of through the gendisk.

Accomodate that by adding two additional parameters to ide_tape_get() to
annotate the call site and invoke the proper behavior.

As a result, remove ide_tape_chrdev_get().

There should be no functional change resulting from this patch.

Signed-off-by: Borislav Petkov <[email protected]>
---
drivers/ide/ide-tape.c | 35 +++++++++++++----------------------
1 files changed, 13 insertions(+), 22 deletions(-)

diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
index 055f52e..51ea59e 100644
--- a/drivers/ide/ide-tape.c
+++ b/drivers/ide/ide-tape.c
@@ -240,18 +240,27 @@ static struct class *idetape_sysfs_class;

static void ide_tape_release(struct device *);

-static struct ide_tape_obj *ide_tape_get(struct gendisk *disk)
+static struct ide_tape_obj *idetape_devs[MAX_HWIFS * MAX_DRIVES];
+
+static struct ide_tape_obj *ide_tape_get(struct gendisk *disk, bool cdev,
+ unsigned int i)
{
struct ide_tape_obj *tape = NULL;

mutex_lock(&idetape_ref_mutex);
- tape = ide_drv_g(disk, ide_tape_obj);
+
+ if (cdev)
+ tape = idetape_devs[i];
+ else
+ tape = ide_drv_g(disk, ide_tape_obj);
+
if (tape) {
if (ide_device_get(tape->drive))
tape = NULL;
else
get_device(&tape->dev);
}
+
mutex_unlock(&idetape_ref_mutex);
return tape;
}
@@ -267,24 +276,6 @@ static void ide_tape_put(struct ide_tape_obj *tape)
}

/*
- * The variables below are used for the character device interface. Additional
- * state variables are defined in our ide_drive_t structure.
- */
-static struct ide_tape_obj *idetape_devs[MAX_HWIFS * MAX_DRIVES];
-
-static struct ide_tape_obj *ide_tape_chrdev_get(unsigned int i)
-{
- struct ide_tape_obj *tape = NULL;
-
- mutex_lock(&idetape_ref_mutex);
- tape = idetape_devs[i];
- if (tape)
- get_device(&tape->dev);
- mutex_unlock(&idetape_ref_mutex);
- return tape;
-}
-
-/*
* called on each failed packet command retry to analyze the request sense. We
* currently do not utilize this information.
*/
@@ -1495,7 +1486,7 @@ static int idetape_chrdev_open(struct inode *inode, struct file *filp)
return -ENXIO;

lock_kernel();
- tape = ide_tape_chrdev_get(i);
+ tape = ide_tape_get(NULL, true, i);
if (!tape) {
unlock_kernel();
return -ENXIO;
@@ -1916,7 +1907,7 @@ static const struct file_operations idetape_fops = {

static int idetape_open(struct block_device *bdev, fmode_t mode)
{
- struct ide_tape_obj *tape = ide_tape_get(bdev->bd_disk);
+ struct ide_tape_obj *tape = ide_tape_get(bdev->bd_disk, false, 0);

if (!tape)
return -ENXIO;
--
1.6.3.1


--
Regards/Gruss,
Boris.

Subject: Re: [PATCH] ide-tape: fix proc warning

On Sunday 07 June 2009 19:45:33 Borislav Petkov wrote:
> Hi,
>
> On Sun, Jun 07, 2009 at 03:28:04PM +0200, Bartlomiej Zolnierkiewicz wrote:
> > > because it tries to free its proc entry in drive_release_dev()
> > > in the call chain resulting from ide_tape_put() but it chokes on
> > > /proc/ide/ide[01]/hd?/name which is added during driver registration and
> > > should go only at driver removal time.
> > >
> > > Add/remove those proc entries everytime the device is accessed.
> >
> > This looks more like broken ide-tape refcounting for chrdev interface
> > than mismatch of /proc entries registration time (especially since other
> > device drivers are not having the above problem)..
>
> This sounds more like it, I was wondering why that
> /proc/ide/ide[01]/hd?/name attribute was disappearing.
>
> > Please see ide_tape_chrdev_get() -- it misses ide_device_get() call
> > [present in ide_tape_get()] which can result in premature release of
> > IDE device during ide_tape_put() call.
>
> By the way, why are we using two devs for the reference counting:
> drive->gendev over ide_device_get() and fall back to {tape,cd,idkp}->dev
> in get_device(). Isn't one enough?

->gendev and ->dev have different lifetime rules.

> Anyways, here's the fixed version, tested with my Seagate STT8000A,
> works fine.
>
> --
> From: Borislav Petkov <[email protected]>
> Date: Sun, 7 Jun 2009 19:35:56 +0200
> Subject: [PATCH] ide-tape: fix proc warning
>
> ide_tape_chrdev_get() was missing an ide_device_get() refcount increment
> which lead to the following warning:
>
> [ 278.147906] ------------[ cut here ]------------
> [ 278.152685] WARNING: at fs/proc/generic.c:847 remove_proc_entry+0x199/0x1b8()
> [ 278.160070] Hardware name: P4I45PE 1.00
> [ 278.160076] remove_proc_entry: removing non-empty directory 'ide0/hdb', leaking at least 'name'
> [ 278.160080] Modules linked in: rtc intel_agp pcspkr thermal processor thermal_sys parport_pc parport agpgart button
> [ 278.160100] Pid: 2312, comm: mt Not tainted 2.6.30-rc2 #3
> [ 278.160105] Call Trace:
> [ 278.160117] [<c012141d>] warn_slowpath+0x71/0xa0
> [ 278.160126] [<c035f219>] ? _spin_unlock_irqrestore+0x29/0x2c
> [ 278.160132] [<c011c686>] ? try_to_wake_up+0x1b6/0x1c0
> [ 278.160141] [<c011c69b>] ? default_wake_function+0xb/0xd
> [ 278.160149] [<c0177ead>] ? pollwake+0x4a/0x55
> [ 278.160156] [<c035f240>] ? _spin_unlock+0x24/0x26
> [ 278.160163] [<c0165d38>] ? add_partial+0x44/0x49
> [ 278.160169] [<c01669e8>] ? __slab_free+0xba/0x29c
> [ 278.160177] [<c01a13d8>] ? sysfs_delete_inode+0x0/0x3c
> [ 278.160184] [<c019ca92>] remove_proc_entry+0x199/0x1b8
> [ 278.160191] [<c01a297e>] ? remove_dir+0x27/0x2e
> [ 278.160199] [<c025f3ab>] ide_proc_unregister_device+0x40/0x4c
> [ 278.160207] [<c02599cd>] drive_release_dev+0x14/0x47
> [ 278.160214] [<c0250538>] device_release+0x35/0x5a
> [ 278.160221] [<c01f8bed>] kobject_release+0x40/0x50
> [ 278.160226] [<c01f8bad>] ? kobject_release+0x0/0x50
> [ 278.160232] [<c01f96ac>] kref_put+0x3c/0x4a
> [ 278.160238] [<c01f8b29>] kobject_put+0x37/0x3c
> [ 278.160243] [<c025020c>] put_device+0xf/0x11
> [ 278.160249] [<c025789f>] ide_device_put+0x2d/0x30
> [ 278.160255] [<c02658da>] ide_tape_put+0x24/0x32
> [ 278.160261] [<c0266e0c>] idetape_chrdev_release+0x17f/0x18e
> [ 278.160269] [<c016c4f5>] __fput+0xca/0x175
> [ 278.160275] [<c016c5b9>] fput+0x19/0x1b
> [ 278.160280] [<c0169d19>] filp_close+0x51/0x5b
> [ 278.160286] [<c0169d96>] sys_close+0x73/0xad
> [ 278.160293] [<c0102a61>] syscall_call+0x7/0xb
> [ 278.160298] ---[ end trace f16d907ea1f89336 ]---
>
> Instead of trivially fixing it by adding the missing call,
> ide_tape_chrdev_get() and ide_tape_get() were merged into one function
> since both were almost identical. The only difference was that
> ide_tape_chrdev_get() was accessing the ide-tape reference through the
> idetape_devs[] array of minors instead of through the gendisk.
>
> Accomodate that by adding two additional parameters to ide_tape_get() to
> annotate the call site and invoke the proper behavior.
>
> As a result, remove ide_tape_chrdev_get().
>
> There should be no functional change resulting from this patch.

Doesn't it fix the warning? :)

[ I removed this line while merging the patch. ]

> Signed-off-by: Borislav Petkov <[email protected]>

applied