Summary of changes from v2.6.0-test10 to v2.6.0-test11
============================================

[libata] add Promise PCI id

[PATCH] scsi device ref count (update)

  This patch is against scsi-bugfixes-2.6. I updated it based on comments
  received. It breaks up the reference count initialization for scsi_device
  and restores calling slave_destroy for all scsi_devices configured or not.

  I ran a small regression using the scsi_debug, aic7xxx, and qla2xxx
  driver. I also had a debug patch for more verbose kobject cleanup and
  patch for a badness check on atomic_dec going negative (previously
  provided by Linus).

  The object cleanup appears to be functioning correctly. I only saw
  previously reported badness output:
  - Synchronizing SCSI cache fails on cleanup.
  - scsi_debug.c missing release (I believe Doug posted a patch)
  - aic7xxx warnings on rmmod due to ahc_platform_free calling
    scsi_remove_host with ahc_list_lock held.

  This patch splits the scsi device struct device register into init and
  add. It also addresses memory leak issues of not calling slave_destroy on
  scsi_devices that are not configured in.

  Details:
  * Make scsi_device_dev_release extern for scsi_scan to use in
    alloc_sdev.
  * Move scsi_free_sdev code to scsi_device_dev_release. Have previous
    callers of scsi_free_sdev call slave_destroy plus put_device.
  * Changed name of scsi_device_register to scsi_sysfs_add_sdev to match
    host call and align with split struct device init.
  * Move sdev_gendev device and class init to scsi_alloc_sdev.

  Thu Nov 20 22:56:11 PST 2003

  drivers/scsi/scsi_priv.h | 4 +-
  drivers/scsi/scsi_scan.c | 63 +++++++++++++++++++++-------------------------
  drivers/scsi/scsi_sysfs.c | 58 ++++++++++++++++++++++--------------------
  3 files changed, 62 insertions(+), 63 deletions(-)

Updated state model for SCSI devices

  I've been looking at enforcing lifetime phases for SCSI devices
  (primarily to try to get the mid layer to offload as much of the device
  creation and hotplug pieces as it can).

  I've hijacked the sdev_state field of the struct scsi_device (formerly
  this was a bitmap, now it becomes an enumerated state). I've also begun
  adding references sdev_gendev into the code to pin the
  scsi_device---initially in the queue function, but possibly this should
  also be done in the scsi_command_get/put, the idea being to prevent
  scsi_device freeing while there's still device activity.

  The object phases I identified are:

  1. SDEV_CREATED - we've just allocated the device. It may respond to
     internally generated commands, but not to user ones (the user should
     actually have no way to access a device in this state, but just in
     case).
  2. SDEV_RUNNING - the device is fully operational
  3. SDEV_CANCEL - The device is cleanly shutting down. It may respond to
     internally generated commands (for cancellation/recovery) only; all
     user commands are errored unless they have already been queued
     (QUEUE_FULL handling and the like).
  4. SDEV_DEL - The device is gone. *all* commands are errored out.

  Ordinarily, the device should move through all four phases from creation
  to destruction, but moving SDEV_RUNNING->SDEV_DEL because of surprise
  ejection should work.

  It's starting to look like the online flag should be absorbed into this
  (offlined devices move essentially to SDEV_CANCEL and could be
  reactivated by moving to SDEV_RUNNING).

  I haven't altered the similar bitmap model that scsi_host has, although
  this too should probably move to an enumerated state model.

  I've tested this by physically yanking a module out from underneath a
  running filesystem with no ill effects (other than a slew of I/O errors).

  The obvious problem is that this kills possible user error handling, but
  we don't do any of that yet.

[IPV6]: Multicast output bypasses netfilter hooks, fix.

  Noted by Harald Welte (laforge@netfilter.org)

Fix locking problems in scsi_report_bus_reset() causing aic7xxx to hang

  All the users of this function in the SCSI tree call it with the host
  lock held.

  With the new list traversal code, it was trying to take the lock again to
  traverse the list.

  Fix it to use the unlocked version of list traversal and modify the
  header comments to make it clear that the lock is expected to be held on
  calling it.

[libata] Fix flush of Device Control register to device

  Also add some ServerWorks-specific tweaks.

[libata] bump versions for core and serverworks driver

[NET]: In sock_queue_rcv_skb(), do not deref skb->len after it is queued to the socket.

  In implementations that use no socket locking, such as RAW sockets, once
  we queue the SKB to the socket another cpu can remove the SKB from the
  socket queue and free up the SKB making the skb->len access touch freed
  memory.

  Based upon a report from Burton Windle, kernel bugzilla #937

[PPPOE]: Do not leak SKB if sock_queue_rcv_skb() fails.

[ECONET]: Do not leak SKBs if ec_queue_packet() fails.

  Also, make sure NET_RX_DROP is returned if we did not accept the packet.

Fix error return on concurrent fork() with threaded exit()

[PATCH] JFS: Avoid segfault when dirty inodes are written on readonly mount

  This fixes an oops that can occur if JFS is used as the root filesystem.
  Writes to a device node may cause a ->write_inode to be called during a
  read-only mount. JFS needs to check for NULL log in jfs_flush_journal.

[IPV6]: Redo stateless addrconf properly.

  When bringing an interface down do not forget to clear the IF_RS_SENT and
  IF_RA_RCVD flags.

[BRIDGE]: Fix netfilter config tests.

  The br_netfilter_{init,fini}() calls need to be guarded by
  BRIDGE_NETFILTER, from Michal Janusz Miroslaw.

[SPARC]: Add stub sched_clock() implementation.

[SPARC]: Fix build failures in IGA frame buffer introduced by janitor changes.

  Most of the breakage came from cset 1.838.10.3

[IRDA]: Fix SKB leaks.

  Do not special case ENOMEM as an error code, we should free up the packet
  for all errors.

ia64: Correct FIXADDR_USER_END so that single-stepping in the gate DSO works again.

ia64: Make core-dumps work even when executing in the gate DSO.

  Tracked down by Rohit Seth.

[PATCH] fix smsc-ircc2.c double free

  This fixes a small, but important bug in smsc-ircc2.c. Without this the
  driver tries to release the same region twice.

[PATCH] prevent oops from read of proc entry for tty drivers

  There are /proc handles there set up by proc_tty_register_driver, but
  there is no module ownership association, so anything that reads after
  module unload will blow. The trivial fix is to propagate the owner of
  tty_driver to proc entry.

[PATCH] Lastminute IEEE-1394 fixes

  I've got a lot more changes than what's included here. I've put this down
  to the bare minimum to get things working sanely. Mainly, I just want to
  get all the people hit by this a chance to use 2.6.0 without having to
  get our tree.

  Changes itemized:
  - Fix deadlock possibility in csr.c:read_maps()
  - Fix kmalloc to use ATOMIC in highlevel.c.
  - s/in_interrupt/irqs_disabled/ in ieee1394_transactions.c to fix
    warnings when transactions occurred.
  - Introduce a release callback for the host driver and use it correctly.
  - Reorganize the nodemgr probe so we do an initial scan to discover
    devices, check IRM/CycleMaster, then do a final full probe when things
    are kosher. Fixes a problem where device registration and hotplug would
    cause some serious problems when a bus reset was forced in the middle
    of the probe.

Linux 2.6.0-test11