+++ This bug was initially created as a clone of Bug #472005 +++ Description of problem: General protection exception during input device removal. Version-Release number of selected component (if applicable): kernel-2.6.9-78.0.5.ELsmp How reproducible: surprise removal of USB root hub or USB input devices triggers this problem. It is infrequent and occurs perhaps once per several hundred device removals. This has only been seen on systems with 8 CPUs. Steps to Reproduce: 1. Induce moderate (disk-IO) workload. 2. Perform suprise device removals. 3. Actual results: Kernel panic occurs Expected results: No panic Additional info: Two memory dumps from this problem are available. Analysis of the dumps will be attached. In summary, the problem seems to occur because there is no locking or reference counting to protect input_devices_read from referencing structures concurrently with their deallocation by unregistering input devices.
Created attachment 336513 [details] Patch to add mutex locking to the dev list the following patch is a follow-on to the patch originally committed in bugzilla 472005.
Patch needs to be tested and posted by 3/25, and clean up the patch before posting please.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Jim - this is now late per PeterM's comment - what's the status?
Created attachment 337047 [details] Incremental patch to fix locking This is an incremental patch to fix the locking. This applies on top of the main patch attached to Bug 472005. This patch has already been ack'ed on rhkernel-list.
I'm assuming this follow-on patch has been POSTed as well (not just the initial patch?)
Committed in 86.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
~~ Attention Partners! Snap 3 Released ~~ RHEL 4.8 Snapshot 3 has been released on partners.redhat.com. There should be a fix present that resolves this bug. If you encounter any issues, please set the bug back to the ASSIGNED state and describe the issues you encountered. If you have found a NEW bug, clone this bug and describe the issues you encountered. Further questions can be directed to your Red Hat Partner Manager. If you have VERIFIED the bug fix. Please select your PartnerID from the Verified field above. Please leave a comment with your test results details. Include which arches tested, package version and any applicable logs.
Jim, could you please provide additional details regarding Status's verification results?
The patch in this BZ has caused a regression. Please post a patch ASAP. mutex_lock() was getting called twice in a row. Specifically: #ifdef CONFIG_HOTPLUG + mutex_unlock(&input_mutex); input_call_hotplug("remove", dev); + mutex_lock(&input_mutex); #endif mutex_lock(&input_mutex);
Closing as a dupe of the original bug, since this will be fixed for sure in RHEL 4.9. *** This bug has been marked as a duplicate of bug 472005 ***
Commits 2e15431e2b263e57b39db872f0431e2aaedd239a (incremental patch) and 6081c416296fd779c2211df4a31bce514aa9a7d2 need to be reverted. P.
I have reverted following two patches in 89.EL. Rpms are available at http://people.redhat.com/vgoyal/rhel4/. Changelog. -Revert "fix race condition in input.c (Vivek Goyal) [491940] -Revert "more fixes for fix race condition in input.c" (Vivek Goyal) [491940] git commits. -------------- 6081c416296fd779c2211df4a31bce514aa9a7d2 2e15431e2b263e57b39db872f0431e2aaedd239a
*** This bug has been marked as a duplicate of bug 472005 ***