usbfs race while mounting/umounting

From: Wolfram Gloger (wg@malloc.de)
Date: Fri Oct 11 2002 - 03:47:23 EST

Next message: Nicholas Hockey: "Re: kernel memory leak?"
Previous message: Gabor Z. Papp: "IDE PDC20268 in Linux 2.4.20-pre10"
Next in thread: Wolfram Gloger: "Re: usbfs race while mounting/umounting"
Reply: Wolfram Gloger: "Re: usbfs race while mounting/umounting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Please CC me on replies, thx]

I use usbfs, but normally have only a single USB device connected, a
generic mouse. When usbfs is unmounted on shutdown, I see "BUG at
inode.c:1034" in between 5% and 50% of all cases, the backtrace being
iput(), free_inode(), usbdevfs_put_super(), kill_super(), __mntput(),
etc.

I believe this to be a long standing problem, I remember seeing this
in 2.2.x as well, more than a year ago. Then I moved the mouse to a
2.4.x system, and I've seen the problem ever since. As a workaround,
I have moved the "umount /proc/bus/usb" after all disk umounts, but I
believe I've now finally tracked down the cause.

drivers/usb/inode.c says that all calls of its inode-list-manipulating
functions must occur with the kernel lock held. usbdevfs_read_super()
does _not_ do this, however, and I strongly suspect that my mouse is
auto-detected (occasionally) exactly while usbfs is being mounted.
The result is that the same inode ends up twice in usbfs's lists,
hence the "BUG in inode.c:1034" when it is iput() twice on shutdown.
The appended patch has fixed the problem for me, although I've only
done a few boot cycles with it.

Regards,
Wolfram.

--- drivers/usb/inode.c.orig Sat Aug 3 02:39:45 2002
+++ drivers/usb/inode.c Fri Oct 11 10:13:13 2002
@@ -628,6 +628,7 @@
         s->s_root = d_alloc_root(root_inode);
         if (!s->s_root)
                 goto out_no_root;
+ lock_kernel();
         list_add_tail(&s->u.usbdevfs_sb.slist, &superlist);
         for (i = 0; i < NRSPECIAL; i++) {
                 if (!(inode = iget(s, IROOT+1+i)))
@@ -639,13 +640,12 @@
                 list_add_tail(&inode->u.usbdev_i.slist, &s->u.usbdevfs_sb.ilist);
                 list_add_tail(&inode->u.usbdev_i.dlist, &special[i].inodes);
         }
- down (&usb_bus_list_lock);
         for (blist = usb_bus_list.next; blist != &usb_bus_list; blist = blist->next) {
                 bus = list_entry(blist, struct usb_bus, bus_list);
                 new_bus_inode(bus, s);
                 recurse_new_dev_inode(bus->root_hub, s);
         }
- up (&usb_bus_list_lock);
+ unlock_kernel();
         return s;

  out_no_root:

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nicholas Hockey: "Re: kernel memory leak?"
Previous message: Gabor Z. Papp: "IDE PDC20268 in Linux 2.4.20-pre10"
Next in thread: Wolfram Gloger: "Re: usbfs race while mounting/umounting"
Reply: Wolfram Gloger: "Re: usbfs race while mounting/umounting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Oct 15 2002 - 22:00:41 EST