linux/drivers/block
Konrad Rzeszutek Wilk f84adf4921 xen-blkfront: drop the use of llist_for_each_entry_safe
Replace llist_for_each_entry_safe with a while loop.

llist_for_each_entry_safe can trigger a bug in GCC 4.1, so it's best
to remove it and use a while loop and do the deletion manually.

Specifically this bug can be triggered by hot-unplugging a disk, either
by doing xm block-detach or by save/restore cycle.

BUG: unable to handle kernel paging request at fffffffffffffff0
IP: [<ffffffffa0047223>] blkif_free+0x63/0x130 [xen_blkfront]
The crash call trace is:
	...
bad_area_nosemaphore+0x13/0x20
do_page_fault+0x25e/0x4b0
page_fault+0x25/0x30
? blkif_free+0x63/0x130 [xen_blkfront]
blkfront_resume+0x46/0xa0 [xen_blkfront]
xenbus_dev_resume+0x6c/0x140
pm_op+0x192/0x1b0
device_resume+0x82/0x1e0
dpm_resume+0xc9/0x1a0
dpm_resume_end+0x15/0x30
do_suspend+0x117/0x1e0

When drilling down to the assembler code, on newer GCC it does
.L29:
        cmpq    $-16, %r12      #, persistent_gnt check
        je      .L30    	#, out of the loop
.L25:
	... code in the loop
        testq   %r13, %r13      # n
        je      .L29    	#, back to the top of the loop
        cmpq    $-16, %r12      #, persistent_gnt check
        movq    16(%r12), %r13  # <variable>.node.next, n
        jne     .L25    	#,	back to the top of the loop
.L30:

While on GCC 4.1, it is:
L78:
	... code in the loop
	testq   %r13, %r13      # n
        je      .L78    #,	back to the top of the loop
        movq    16(%rbx), %r13  # <variable>.node.next, n
        jmp     .L78    #,	back to the top of the loop

Which basically means that the exit loop condition instead of
being:

	&(pos)->member != NULL;

is:
	;

which makes the loop unbound.

Since xen-blkfront is the only user of the llist_for_each_entry_safe
macro remove it from llist.h.

Orabug: 16263164
CC: stable@vger.kernel.org
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2013-02-19 15:17:08 -05:00
..
aoe aoe: fix use after free in aoedev_by_aoeaddr() 2012-12-17 17:15:26 -08:00
drbd drbd: fix potential protocol error and resulting disconnect/reconnect 2013-01-21 22:58:36 +01:00
mtip32xx mtip32xx: fix for crash when the device surprise removed during rebuild 2013-01-11 14:35:58 +01:00
paride paride/pcd: fix bool verbose module parameter. 2012-01-13 09:32:26 +10:30
xen-blkback xen/blkback: Don't trust the handle from the frontend. 2013-02-19 15:17:03 -05:00
amiflop.c fs: move code out of buffer.c 2012-01-03 22:54:07 -05:00
ataflop.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
brd.c block: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:16 +08:00
cciss_cmd.h cciss: use new doorbell-bit-5 reset method 2011-05-06 08:23:55 -06:00
cciss_scsi.c cciss: fix handling of protocol error 2012-09-18 11:57:08 +02:00
cciss_scsi.h cciss: add cciss_tape_cmds module paramter 2011-05-06 08:23:59 -06:00
cciss.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
cciss.h cciss: Adds simple mode functionality 2011-08-08 11:40:15 +02:00
cpqarray.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
cpqarray.h
cryptoloop.c
DAC960.c dac960: Remove unused variables from DAC960_CreateProcEntries() 2012-05-11 16:42:14 +02:00
DAC960.h
floppy.c floppy: destroy floppy workqueue before cleaning up the queue 2012-11-23 14:32:54 +01:00
hd.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ida_cmd.h
ida_ioctl.h
Kconfig cciss: select CONFIG_CHECK_SIGNATURE 2012-10-30 08:37:00 +01:00
loop.c Merge branch 'for-3.8/drivers' of git://git.kernel.dk/linux-block 2012-12-17 13:39:11 -08:00
Makefile block: remove the deprecated ub driver 2012-09-05 17:18:53 -07:00
mg_disk.c mg_disk: Use struct dev_pm_ops for power management 2012-07-06 19:07:00 +02:00
nbd.c nbd: handle discard requests 2012-10-06 03:05:24 +09:00
nvme.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
osdblk.c block: Add bio_clone_bioset(), bio_clone_kmalloc() 2012-09-09 10:35:39 +02:00
pktcdvd.c pktcdvd: Switch to bio_kmalloc() 2012-09-09 10:35:39 +02:00
ps3disk.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
ps3vram.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
rbd_types.h rbd: get rid of RBD_MAX_SEG_NAME_LEN 2012-12-17 08:37:29 -06:00
rbd.c rbd: get rid of rbd_{get,put}_dev() 2012-12-20 10:56:44 -06:00
smart1,2.h fix typos 'comamnd' -> 'command' in comments 2011-02-02 11:31:21 +01:00
sunvdc.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
swim3.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
swim_asm.S
swim.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
sx8.c block, sx8: fix pointer math issue getting fw version 2012-03-03 19:44:39 +01:00
umem.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
umem.h
virtio_blk.c Various minor fixes, but a slightly more complex one to fix the per-cpu overload 2013-01-20 16:44:28 -08:00
xd.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
xd.h
xen-blkfront.c xen-blkfront: drop the use of llist_for_each_entry_safe 2013-02-19 15:17:08 -05:00
xsysace.c Drivers: block: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
z2ram.c drivers/block/z2ram.c: correct printing of sector_t 2010-10-28 06:15:26 -06:00