Re: [PATCH 2.6] to fix i2o_proc kernel panic on access of /proc/i2o/iop0/lct
From: Warren Togami
Date: Sun May 09 2004 - 08:09:44 EST
Markus Lidel wrote:
Hello,
Ingo Oeser wrote:
the patch fixes a bug in the i2o_proc.c module, where the kernel
panics, if you access /proc/i2o/iop0/lct and read more then 1024
bytes of it.
The problem was, that no paging was implemented by the function. This
is now solved.
What about solving this properly and using the seq_file API for this
problem class as anywhere else in the kernel?
Code will also get much more readable by this ;-)
Didn't know of the seq_file API. But you are right, now it looks much
cleaner than before. Thanks for telling me!
Thanks Markus! This patch seems to solve the x86-64 rmmod oops.
Unfortunately I have discovered another problem, a fix for that problem,
then another problem after that. I tested it by running the two scripts
below simultaneously. Not long after running the scripts it triggered
many oopses and eventually a panic.
#!/bin/bash
date
modprobe i2o_proc
modprobe -r i2o_proc
exec $0
#!/bin/bash
cat /proc/i2o/iop0/lct
exec $0
http://togami.com/~warren/temp/i2o_proc.log.bz2
bzip2 compressed log from the netconsole, showing the many oops and
tracebacks all the way to the final panic. (I suspect this problem may
exist in many other kernel modules too?)
--- kernel-2.6.5.orig/linux-2.6.5/drivers/message/i2o/i2o_proc.c
2004-04-03 17:37:25.000000000 -1000
+++ kernel-2.6.5/linux-2.6.5/drivers/message/i2o/i2o_proc.c
2004-05-09 01:18:05.667902973 -1000
@@ -3329,6 +3329,7 @@
i2o_proc_dir_root = proc_mkdir("i2o", 0);
if(!i2o_proc_dir_root)
return -1;
+ i2o_proc_dir_root->owner = THIS_MODULE;
for(i = 0; i < MAX_I2O_CONTROLLERS; i++)
{
Al Viro immediately saw the race condition as ->owner not being set.
Adding the above patch seems to prevent oops and panic when
simultaneously running the two scripts. This test has been done on x86-64.
Unfortunately the modprobe script stops at a certain point when it
attempts to load the module. With the other script still looping, it
appears to cause this:
[root@i2obox64 root]# lsmod
Module Size Used by
i2o_proc 53056 4294961501
And dmesg repeats this message billions of times:
de_put: entry i2o already free!
I am guessing this is some kind of locking trouble? In any case after
this ->owner fix this module is no longer problematic, mainly because
NOBODY has any good reason to be using the i2o_proc module (or load and
unload it rapidly), and it is not necessary for normal i2o_block usage.
Warren Togami
wtogami@xxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/