• xen-blkfront: drop the use of llist_for_each_entry_safe · f84adf49
    Konrad Rzeszutek Wilk authored
    Replace llist_for_each_entry_safe with a while loop.
    
    llist_for_each_entry_safe can trigger a bug in GCC 4.1, so it's best
    to remove it and use a while loop and do the deletion manually.
    
    Specifically, this bug can be triggered by hot-unplugging a disk, either
    by doing xm block-detach or by a save/restore cycle.
    
    BUG: unable to handle kernel paging request at fffffffffffffff0
    IP: [<ffffffffa0047223>] blkif_free+0x63/0x130 [xen_blkfront]
    The crash call trace is:
    	...
    bad_area_nosemaphore+0x13/0x20
    do_page_fault+0x25e/0x4b0
    page_fault+0x25/0x30
    ? blkif_free+0x63/0x130 [xen_blkfront]
    blkfront_resume+0x46/0xa0 [xen_blkfront]
    xenbus_dev_resume+0x6c/0x140
    pm_op+0x192/0x1b0
    device_resume+0x82/0x1e0
    dpm_resume+0xc9/0x1a0
    dpm_resume_end+0x15/0x30
    do_suspend+0x117/0x1e0
    
    When drilling down to the assembler code, on newer GCC it does
    .L29:
            cmpq    $-16, %r12      #, persistent_gnt check
            je      .L30    	#, out of the loop
    .L25:
    	... code in the loop
            testq   %r13, %r13      # n
            je      .L29    	#, back to the top of the loop
            cmpq    $-16, %r12      #, persistent_gnt check
            movq    16(%r12), %r13  # <variable>.node.next, n
            jne     .L25    	#,	back to the top of the loop
    .L30:
    
    While on GCC 4.1, it is:
    L78:
    	... code in the loop
    	testq   %r13, %r13      # n
            je      .L78    #,	back to the top of the loop
            movq    16(%rbx), %r13  # <variable>.node.next, n
            jmp     .L78    #,	back to the top of the loop
    
    Which basically means that the exit loop condition instead of
    being:
    
    	&(pos)->member != NULL;
    
    is:
    	;
    
    which makes the loop unbound.
    
    Since xen-blkfront is the only user of the llist_for_each_entry_safe
    macro remove it from llist.h.
    
    Orabug: 16263164
    CC: stable@vger.kernel.org
    Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
xen-blkfront.c 42.7 KB
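
An added example, not part of the commit or of the kernel source: a userspace C version of the manual while-loop traversal the message describes, which ends the loop on the raw node pointer instead of on `&(pos)->member != NULL`. `struct gnt`, `build`, `drain` and `null_entry_addr` are hypothetical names, and the entry layout is assumed so that the node sits at offset 16, as in the assembler listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

struct llist_node { struct llist_node *next; };

/* Hypothetical entry type; node at offset 16, matching 16(%r12) above. */
struct gnt {
    uint64_t gref, pfn;
    struct llist_node node;
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Entry address that corresponds to a NULL node pointer: 0 - offset. */
static uintptr_t null_entry_addr(void)
{
    return (uintptr_t)0 - offsetof(struct gnt, node);
}

/* Push n constructed entries and return the list head. */
static struct llist_node *build(int n)
{
    struct llist_node *first = NULL;
    for (int i = 0; i < n; i++) {
        struct gnt *g = calloc(1, sizeof(*g));
        if (!g)
            break;
        g->node.next = first;
        first = &g->node;
    }
    return first;
}

/* Drain the list; the loop ends on the node pointer itself. */
static int drain(struct llist_node *node)
{
    int freed = 0;
    while (node) {
        struct gnt *g = container_of(node, struct gnt, node);
        node = node->next;  /* read the link before freeing the entry */
        free(g);
        freed++;
    }
    return freed;
}

int main(void) { return (drain(build(3)) == 3 && null_entry_addr() == (uintptr_t)-16) ? 0 : 1; }
```

`null_entry_addr()` returns -16, the constant compared against in the newer-GCC listing and, on a 64-bit build, the value fffffffffffffff0 reported in the oops.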