linux/drivers/scsi
Bartlomiej Zolnierkiewicz d3e33ff59f ide: fix regression caused by ide_device_{get,put}() addition (take 2)
On Monday 28 July 2008, Benjamin Herrenschmidt wrote:

[...]

> Vector: 300 (Data Access) at [c58b7b80]
>     pc: c014f264: elv_may_queue+0x10/0x44
>     lr: c0152750: get_request+0x2c/0x2c0
>     sp: c58b7c30
>    msr: 1032
>    dar: c
>  dsisr: 40000000
>   current = 0xc58aaae0
>     pid   = 854, comm = media-bay
> enter ? for help
> mon> t
> [c58b7c40] c0152750 get_request+0x2c/0x2c0
> [c58b7c70] c0152a08 get_request_wait+0x24/0xec
> [c58b7cc0] c0225674 ide_cd_queue_pc+0x58/0x1a0
> [c58b7d40] c022672c ide_cdrom_packet+0x9c/0xdc
> [c58b7d70] c0261810 cdrom_get_disc_info+0x60/0xd0
> [c58b7dc0] c026208c cdrom_mrw_exit+0x1c/0x11c
> [c58b7e30] c0260f7c unregister_cdrom+0x84/0xe8
> [c58b7e50] c022395c ide_cd_release+0x80/0x84
> [c58b7e70] c0163650 kref_put+0x54/0x6c
> [c58b7e80] c0223884 ide_cd_put+0x40/0x5c
> [c58b7ea0] c0211100 generic_ide_remove+0x28/0x3c
> [c58b7eb0] c01e9d34 __device_release_driver+0x78/0xb4
> [c58b7ec0] c01e9e44 device_release_driver+0x28/0x44
> [c58b7ee0] c01e8f7c bus_remove_device+0xac/0xd8
> [c58b7f00] c01e7424 device_del+0x104/0x198
> [c58b7f20] c01e74d0 device_unregister+0x18/0x30
> [c58b7f40] c02121c4 __ide_port_unregister_devices+0x6c/0x88
> [c58b7f60] c0212398 ide_port_unregister_devices+0x38/0x80
> [c58b7f80] c0208ca4 media_bay_step+0x1cc/0x5c0
> [c58b7fb0] c0209124 media_bay_task+0x8c/0xcc
> [c58b7fd0] c00485c0 kthread+0x48/0x84
> [c58b7ff0] c0011b20 kernel_thread+0x44/0x60

The guilty commit turned out to be 08da591e14
("ide: add ide_device_{get,put}() helpers").  ide_device_put() is called
before kref_put() in ide_cd_put() so IDE device is already gone by the time
ide_cd_release() is reached.

Fix it by calling ide_device_get() before kref_get() and ide_device_put()
after kref_put() in all affected device drivers.

v2:
Brown paper bag time.  In v1 cd->drive was referenced after dropping last
reference on cd object (which could result in OOPS in ide_device_put() as
reported/debugged by Mariusz Kozlowski).  Fix it by caching cd->drive in
the local variable (fix other device drivers too).

Reported-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reported-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Borislav Petkov <petkovbb@gmail.com>
Tested-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Tested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-08-05 18:16:59 +02:00
..
aacraid Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2008-07-15 18:58:04 -07:00
aic7xxx scsi: fix integer as NULL pointer warnings 2008-04-28 17:31:13 -07:00
aic7xxx_old
aic94xx [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
arcmsr SCSI: convert struct class_device to struct device 2008-04-19 19:10:33 -07:00
arm [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
device_handler [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
dpt [SCSI] dpt_i2o: Add PROC_IA64 define 2008-06-15 11:12:20 -05:00
ibmvscsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2008-07-27 10:04:52 -07:00
libsas [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
lpfc [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
megaraid [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
pcmcia [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
qla2xxx [SCSI] qla2xxx: fix msleep compile error 2008-07-28 10:13:22 -05:00
qla4xxx [SCSI] qla4xxx: fix queue depth setting 2008-07-26 15:14:49 -04:00
sym53c8xx_2 [SCSI] sym53c8xx: free luntbl in sym_hcb_free 2008-07-26 15:14:56 -04:00
.gitignore [SCSI] 53c7xx: fix removal fallout 2008-01-11 18:22:30 -06:00
3w-9xxx.c [SCSI] 3w-9xxx: add MSI support and misc fixes 2008-07-26 15:15:00 -04:00
3w-9xxx.h [SCSI] 3w-9xxx: add MSI support and misc fixes 2008-07-26 15:15:00 -04:00
3w-xxxx.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
3w-xxxx.h
53c700_d.h_shipped
53c700.c [SCSI] Let scsi_cmnd->cmnd use request->cmd buffer 2008-05-02 10:18:22 -05:00
53c700.h
53c700.scr
a100u2w.c Don't crash on IOMMU overflow in A100U2W driver 2008-07-15 14:30:56 -07:00
a100u2w.h
a2091.c [SCSI] wd33c93: fix up cut and paste error 2008-04-07 12:19:07 -05:00
a2091.h
a3000.c [SCSI] WD33C93: let platform stub override no_sync/fast/dma_mode 2008-04-07 12:19:01 -05:00
a3000.h
a4000t.c [SCSI] kmalloc + memset conversion to kzalloc 2007-10-12 14:41:00 -04:00
advansys.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
aha152x.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
aha152x.h [SCSI] aha152x: fix debug mode symbol conflict 2007-08-04 09:11:06 -05:00
aha1542.c [SCSI] aha1542: minor irq handler cleanups 2008-04-27 12:19:55 -05:00
aha1542.h
aha1740.c [SCSI] remove use_sg_chaining 2008-01-30 13:14:02 -06:00
aha1740.h
aic7xxx_old.c Remove pointless casts from void pointers 2008-02-06 10:41:01 -08:00
atari_dma_emul.c
atari_NCR5380.c [SCSI] atari_NCR5380, sun3_NCR5380: operator precedence fix 2008-01-11 18:28:57 -06:00
atari_scsi.c [SCSI] NCR5380: Fix bugs and canonicalize irq handler usage 2007-11-25 12:19:26 +02:00
atari_scsi.h
atp870u.c scsi: fix integer as NULL pointer warning 2008-05-23 08:11:07 -07:00
atp870u.h
BusLogic.c [SCSI] BusLogic: make FlashPoint support x86-32 only 2008-04-07 12:15:44 -05:00
BusLogic.h [SCSI] BusLogic: make FlashPoint support x86-32 only 2008-04-07 12:15:44 -05:00
bvme6000_scsi.c [SCSI] kmalloc + memset conversion to kzalloc 2007-10-12 14:41:00 -04:00
ch.c [SCSI] ch: fix ch_remove oops 2008-07-26 15:17:47 -04:00
constants.c [SCSI] add support for variable length extended commands 2008-05-02 11:33:25 -05:00
dc395x.c [SCSI] Remove random noop unchecked_isa_dma users 2008-04-07 12:15:40 -05:00
dc395x.h
dmx3191d.c
dpt_i2o.c device create: scsi: convert device_create to device_create_drvdata 2008-07-21 21:54:44 -07:00
dpti.h drivers/scsi/dpt_i2o.c: fix build on alpha 2008-05-08 10:46:56 -07:00
dtc.c [SCSI] NCR5380: Fix bugs and canonicalize irq handler usage 2007-11-25 12:19:26 +02:00
dtc.h
eata_generic.h
eata_pio.c [SCSI] Remove random noop unchecked_isa_dma users 2008-04-07 12:15:40 -05:00
eata_pio.h
eata.c [SCSI] aha152x, eata, u14-34f: minor irq handler cleanups 2008-04-25 09:52:30 -05:00
esp_scsi.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2008-07-15 18:58:04 -07:00
esp_scsi.h [SCSI] esp: tidy up target reference counting 2008-06-25 12:36:13 -05:00
fd_mcs.c [SCSI] fd_mcs: convert to accessors and !use_sg cleanup 2008-01-11 18:22:35 -06:00
fdomain.c scsi: fix integer as NULL pointer warnings 2008-04-28 17:31:13 -07:00
fdomain.h
FlashPoint.c [SCSI] FlashPoint: fix off-by-one errors 2008-04-27 12:19:55 -05:00
g_NCR5380_mmio.c
g_NCR5380.c [SCSI] NCR5380: Fix bugs and canonicalize irq handler usage 2007-11-25 12:19:26 +02:00
g_NCR5380.h
gdth_ioctl.h
gdth_proc.c [SCSI] gdth: don't call pci_free_consistent under spinlock 2008-02-18 09:02:25 -06:00
gdth_proc.h [SCSI] gdth: clean up host private data 2007-10-12 14:55:46 -04:00
gdth.c gdth: cdev lock_kernel() pushdown 2008-06-20 14:05:49 -06:00
gdth.h [SCSI] gdth: PCI probe cleanups, prep for PCI hotplug API conversion 2008-04-07 12:15:36 -05:00
gvp11.c [SCSI] wd33c93: fix up cut and paste error 2008-04-07 12:19:07 -05:00
gvp11.h
hosts.c driver core: remove KOBJ_NAME_LEN define 2008-07-21 21:54:52 -07:00
hptiop.c remove unnecessary <linux/hdreg.h> includes 2008-08-05 18:16:58 +02:00
hptiop.h [SCSI] hptiop: add more adapter models and other fixes 2008-01-11 18:28:06 -06:00
ibmmca.c [SCSI] remove use_sg_chaining 2008-01-30 13:14:02 -06:00
ide-scsi.c ide: fix regression caused by ide_device_{get,put}() addition (take 2) 2008-08-05 18:16:59 +02:00
imm.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
imm.h
in2000.c [SCSI] in2000: convert to accessors and !use_sg cleanup 2008-01-11 18:22:36 -06:00
in2000.h
initio.c [SCSI] Let scsi_cmnd->cmnd use request->cmd buffer 2008-05-02 10:18:22 -05:00
initio.h
ipr.c [SCSI] ipr: Fix HDIO_GET_IDENTITY oops for SATA devices 2008-07-11 13:45:48 -05:00
ipr.h [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
ips.c [SCSI] ips: remove spurious cpu_to_leX on outX statements 2008-04-07 12:19:11 -05:00
ips.h [SCSI] ips: trim trailing whitespace 2008-01-11 18:27:59 -06:00
iscsi_tcp.c [SCSI] libiscsi, iscsi_tcp, ib_iser: fix setting of can_queue with old tools. 2008-07-12 08:22:29 -05:00
iscsi_tcp.h [SCSI] iscsi_tcp: handle iscsi_cmd_task rename 2008-07-12 08:22:20 -05:00
jazz_esp.c [SCSI] jazz_esp, sgiwd93, sni_53c710, sun3x_esp: fix platform driver hotplug/coldplug 2008-04-27 12:33:04 -05:00
Kconfig [SCSI] sd: Support for SCSI disk (SBC) Data Integrity Field 2008-07-26 15:14:56 -04:00
lasi700.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
libiscsi.c [SCSI] libiscsi, iscsi_tcp, ib_iser: fix setting of can_queue with old tools. 2008-07-12 08:22:29 -05:00
libsrp.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
mac53c94.c [SCSI] remove use_sg_chaining 2008-01-30 13:14:02 -06:00
mac53c94.h
mac_esp.c MODULE_LICENSE expects "GPL v2", not "GPLv2" 2008-05-21 16:56:00 -07:00
mac_scsi.c [SCSI] Remove random noop unchecked_isa_dma users 2008-04-07 12:15:40 -05:00
mac_scsi.h
Makefile [SCSI] sd: Support for SCSI disk (SBC) Data Integrity Field 2008-07-26 15:14:56 -04:00
megaraid.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
megaraid.h
mesh.c [SCSI] SCSI: remove dev->power.power_state from mesh driver 2008-06-05 09:23:44 -05:00
mesh.h
mvme16x_scsi.c [SCSI] kmalloc + memset conversion to kzalloc 2007-10-12 14:41:00 -04:00
mvme147.c [SCSI] wd33c93: fix up cut and paste error 2008-04-07 12:19:07 -05:00
mvme147.h
mvsas.c drivers/scsi/mvsas.c: fix printk warnings 2008-05-01 08:04:03 -07:00
ncr53c8xx.c drivers/scsi/ncr53c8xx.c: fix warning 2008-05-01 08:04:02 -07:00
ncr53c8xx.h [SCSI] ncr53c8xx: Call scsi_host_put in release 2007-10-12 14:51:18 -04:00
NCR53c406a.c [SCSI] remove use_sg_chaining 2008-01-30 13:14:02 -06:00
NCR5380.c [SCSI] NCR5380: fix section mismatch 2008-01-23 13:44:31 -06:00
NCR5380.h [SCSI] NCR5380: Use scsi_eh API for REQUEST_SENSE invocation 2007-10-12 14:55:07 -04:00
NCR_D700.c [SCSI] kmalloc + memset conversion to kzalloc 2007-10-12 14:41:00 -04:00
NCR_D700.h
NCR_Q720.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
NCR_Q720.h
nsp32_debug.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
nsp32_io.h
nsp32.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
nsp32.h define global BIT macro 2007-10-19 11:53:42 -07:00
osst_detect.h
osst_options.h
osst.c Merge commit 'v2.6.26' into bkl-removal 2008-07-14 15:29:34 -06:00
osst.h [SCSI] osst: Use mutex instead of semaphore 2007-10-12 14:50:55 -04:00
pas16.c [SCSI] NCR5380: Fix bugs and canonicalize irq handler usage 2007-11-25 12:19:26 +02:00
pas16.h
ppa.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
ppa.h
ps3rom.c [SCSI] ps3rom: use scsi_build_sense_buffer 2008-04-07 12:19:02 -05:00
ql1040_fw.h
ql1280_fw.h
ql12160_fw.h
qla1280.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
qla1280.h [SCSI] qla1280: eliminate wasted space in request and response ring 2007-10-23 12:35:35 -04:00
qlogicfas408.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
qlogicfas408.h
qlogicfas.c [SCSI] remove use_sg_chaining 2008-01-30 13:14:02 -06:00
qlogicpti_asm.c
qlogicpti.c [SCSI] qlogicpt: section fixes 2008-02-23 09:07:32 -06:00
qlogicpti.h [SCSI] qlogicpti: Add a slave_configure method 2007-10-12 14:52:38 -04:00
raid_class.c SCSI: convert struct class_device to struct device 2008-04-19 19:10:33 -07:00
script_asm.pl
scsi_debug.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_devinfo.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_error.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_ioctl.c [SCSI] sd,sr: add early detection of medium not present 2008-01-11 18:22:50 -06:00
scsi_lib_dma.c [SCSI] don't build scsi_dma_{map,unmap} for !HAS_DMA 2007-07-14 19:28:10 -05:00
scsi_lib.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_logging.h
scsi_module.c
scsi_netlink.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_priv.h [SCSI] Support devices with protection information 2008-07-26 15:14:55 -04:00
scsi_proc.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_sas_internal.h SCSI: convert struct class_device to struct device 2008-04-19 19:10:33 -07:00
scsi_scan.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_sysctl.c [SCSI] small cleanups 2007-07-18 11:16:32 -05:00
scsi_sysfs.c [SCSI] Host protection capabilities 2008-07-26 15:14:54 -04:00
scsi_tgt_if.c scsi-tgt: BKL pushdown 2008-07-02 15:06:25 -06:00
scsi_tgt_lib.c [SCSI] Let scsi_cmnd->cmnd use request->cmd buffer 2008-05-02 10:18:22 -05:00
scsi_tgt_priv.h [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_transport_api.h
scsi_transport_fc_internal.h [SCSI] fc_transport: add target driver support 2007-10-12 14:46:58 -04:00
scsi_transport_fc.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_transport_iscsi.c driver core: remove KOBJ_NAME_LEN define 2008-07-21 21:54:52 -07:00
scsi_transport_sas.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
scsi_transport_spi.c [SCSI] scsi_transport_spi: fix oops in revalidate 2008-07-30 10:22:39 -05:00
scsi_transport_srp_internal.h [SCSI] scsi_transport_srp: remove tgt dependencies 2007-10-12 14:38:09 -04:00
scsi_transport_srp.c SCSI: convert struct class_device to struct device 2008-04-19 19:10:33 -07:00
scsi_typedefs.h
scsi_wait_scan.c
scsi.c [SCSI] Support devices with protection information 2008-07-26 15:14:55 -04:00
scsi.h
scsicam.c [SCSI] Add Documentation and integrate into docbook build 2008-01-11 18:22:40 -06:00
sd_dif.c [SCSI] sd: Support for SCSI disk (SBC) Data Integrity Field 2008-07-26 15:14:56 -04:00
sd.c Revert "[SCSI] extend the last_sector_bug flag to cover more sectors" 2008-08-04 16:36:20 -07:00
sd.h Revert "[SCSI] extend the last_sector_bug flag to cover more sectors" 2008-08-04 16:36:20 -07:00
ses.c [SCSI] ses: fix VPD inquiry overrun 2008-07-30 10:21:56 -05:00
sg.c mm: rename page trylock 2008-08-04 21:31:34 -07:00
sgiwd93.c [SCSI] jazz_esp, sgiwd93, sni_53c710, sun3x_esp: fix platform driver hotplug/coldplug 2008-04-27 12:33:04 -05:00
sim710.c Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-07-22 11:36:49 -07:00
sni_53c710.c [SCSI] jazz_esp, sgiwd93, sni_53c710, sun3x_esp: fix platform driver hotplug/coldplug 2008-04-27 12:33:04 -05:00
sr_ioctl.c [SCSI] sr: fix test unit ready responses 2008-02-07 18:02:44 -06:00
sr_vendor.c
sr.c scsi: sr avoids useless buffer allocation 2008-07-04 09:52:14 +02:00
sr.h [SCSI] sr: fix test unit ready responses 2008-02-07 18:02:44 -06:00
st_options.h [SCSI] st: add option to use SILI in variable block reads 2008-04-07 12:15:39 -05:00
st.c [SCSI] st: Remove bogus memset 2008-07-26 15:14:47 -04:00
st.h [SCSI] st: add option to use SILI in variable block reads 2008-04-07 12:15:39 -05:00
stex.c [SCSI] stex: fix queue depth setting 2008-07-26 15:14:49 -04:00
sun3_NCR5380.c [SCSI] atari_NCR5380, sun3_NCR5380: operator precedence fix 2008-01-11 18:28:57 -06:00
sun3_scsi_vme.c [SCSI] sun3_scsi_vme: add MODULE_LICENSE 2008-04-16 09:28:11 -05:00
sun3_scsi.c [SCSI] NCR5380: Fix bugs and canonicalize irq handler usage 2007-11-25 12:19:26 +02:00
sun3_scsi.h
sun3x_esp.c [SCSI] jazz_esp, sgiwd93, sni_53c710, sun3x_esp: fix platform driver hotplug/coldplug 2008-04-27 12:33:04 -05:00
sun_esp.c PAGE_ALIGN(): correctly handle 64-bit values on 32-bit architectures 2008-07-24 10:47:21 -07:00
sym53c416.c [SCSI] sym53c416: fix module parameters 2008-02-12 15:24:58 -06:00
sym53c416.h
t128.c [SCSI] NCR5380: Fix bugs and canonicalize irq handler usage 2007-11-25 12:19:26 +02:00
t128.h
tmscsim.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
tmscsim.h [SCSI] tmscsim: Further clean-up of the driver 2007-07-14 18:56:33 -05:00
u14-34f.c [SCSI] u14-34f: Fix 32bit only problem 2008-05-02 13:18:06 -05:00
ultrastor.c scsi: fix integer as NULL pointer warnings 2008-04-28 17:31:13 -07:00
ultrastor.h
wd33c93.c [SCSI] WD33C93: let platform stub override no_sync/fast/dma_mode 2008-04-07 12:19:01 -05:00
wd33c93.h Spelling fix: explicitly 2007-10-19 23:22:55 +02:00
wd7000.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
zalon.c [SCSI] replace __FUNCTION__ with __func__ 2008-07-27 10:31:49 -04:00
zorro7xx.c m68k: zorro7xx needs <asm/amigahw.h> 2007-11-29 09:24:52 -08:00