 f84adf4921
			
		
	
	
	f84adf4921
	
	
	
		
			
			Replace llist_for_each_entry_safe with a while loop.
llist_for_each_entry_safe can trigger a bug in GCC 4.1, so it's best
to remove it and use a while loop and do the deletion manually.
Specifically this bug can be triggered by hot-unplugging a disk, either
by doing xm block-detach or by save/restore cycle.
BUG: unable to handle kernel paging request at fffffffffffffff0
IP: [<ffffffffa0047223>] blkif_free+0x63/0x130 [xen_blkfront]
The crash call trace is:
	...
bad_area_nosemaphore+0x13/0x20
do_page_fault+0x25e/0x4b0
page_fault+0x25/0x30
? blkif_free+0x63/0x130 [xen_blkfront]
blkfront_resume+0x46/0xa0 [xen_blkfront]
xenbus_dev_resume+0x6c/0x140
pm_op+0x192/0x1b0
device_resume+0x82/0x1e0
dpm_resume+0xc9/0x1a0
dpm_resume_end+0x15/0x30
do_suspend+0x117/0x1e0
When drilling down to the assembler code, on newer GCC it does
.L29:
        cmpq    $-16, %r12      #, persistent_gnt check
        je      .L30    	#, out of the loop
.L25:
	... code in the loop
        testq   %r13, %r13      # n
        je      .L29    	#, back to the top of the loop
        cmpq    $-16, %r12      #, persistent_gnt check
        movq    16(%r12), %r13  # <variable>.node.next, n
        jne     .L25    	#,	back to the top of the loop
.L30:
While on GCC 4.1, it is:
L78:
	... code in the loop
	testq   %r13, %r13      # n
        je      .L78    #,	back to the top of the loop
        movq    16(%rbx), %r13  # <variable>.node.next, n
        jmp     .L78    #,	back to the top of the loop
Which basically means that the exit loop condition instead of
being:
	&(pos)->member != NULL;
is:
	;
which makes the loop unbound.
Since xen-blkfront is the only user of the llist_for_each_entry_safe
macro remove it from llist.h.
Orabug: 16263164
CC: stable@vger.kernel.org
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
		
	
			
		
			
				
	
	
		
			186 lines
		
	
	
	
		
			6.2 KiB
			
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			186 lines
		
	
	
	
		
			6.2 KiB
			
		
	
	
	
		
			C
		
	
	
	
	
	
| #ifndef LLIST_H
 | |
| #define LLIST_H
 | |
| /*
 | |
|  * Lock-less NULL terminated single linked list
 | |
|  *
 | |
|  * If there are multiple producers and multiple consumers, llist_add
 | |
|  * can be used in producers and llist_del_all can be used in
 | |
|  * consumers.  They can work simultaneously without lock.  But
 | |
|  * llist_del_first can not be used here.  Because llist_del_first
 | |
|  * depends on list->first->next does not changed if list->first is not
 | |
|  * changed during its operation, but llist_del_first, llist_add,
 | |
|  * llist_add (or llist_del_all, llist_add, llist_add) sequence in
 | |
|  * another consumer may violate that.
 | |
|  *
 | |
|  * If there are multiple producers and one consumer, llist_add can be
 | |
|  * used in producers and llist_del_all or llist_del_first can be used
 | |
|  * in the consumer.
 | |
|  *
 | |
|  * This can be summarized as follow:
 | |
|  *
 | |
|  *           |   add    | del_first |  del_all
 | |
|  * add       |    -     |     -     |     -
 | |
|  * del_first |          |     L     |     L
 | |
|  * del_all   |          |           |     -
 | |
|  *
 | |
|  * Where "-" stands for no lock is needed, while "L" stands for lock
 | |
|  * is needed.
 | |
|  *
 | |
|  * The list entries deleted via llist_del_all can be traversed with
 | |
|  * traversing function such as llist_for_each etc.  But the list
 | |
|  * entries can not be traversed safely before deleted from the list.
 | |
|  * The order of deleted entries is from the newest to the oldest added
 | |
|  * one.  If you want to traverse from the oldest to the newest, you
 | |
|  * must reverse the order by yourself before traversing.
 | |
|  *
 | |
|  * The basic atomic operation of this list is cmpxchg on long.  On
 | |
|  * architectures that don't have NMI-safe cmpxchg implementation, the
 | |
|  * list can NOT be used in NMI handlers.  So code that uses the list in
 | |
|  * an NMI handler should depend on CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG.
 | |
|  *
 | |
|  * Copyright 2010,2011 Intel Corp.
 | |
|  *   Author: Huang Ying <ying.huang@intel.com>
 | |
|  *
 | |
|  * This program is free software; you can redistribute it and/or
 | |
|  * modify it under the terms of the GNU General Public License version
 | |
|  * 2 as published by the Free Software Foundation;
 | |
|  *
 | |
|  * This program is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU General Public License
 | |
|  * along with this program; if not, write to the Free Software
 | |
|  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 | |
|  */
 | |
| 
 | |
| #include <linux/kernel.h>
 | |
| #include <asm/cmpxchg.h>
 | |
| 
 | |
| struct llist_head {
 | |
| 	struct llist_node *first;
 | |
| };
 | |
| 
 | |
| struct llist_node {
 | |
| 	struct llist_node *next;
 | |
| };
 | |
| 
 | |
| #define LLIST_HEAD_INIT(name)	{ NULL }
 | |
| #define LLIST_HEAD(name)	struct llist_head name = LLIST_HEAD_INIT(name)
 | |
| 
 | |
| /**
 | |
|  * init_llist_head - initialize lock-less list head
 | |
|  * @head:	the head for your lock-less list
 | |
|  */
 | |
| static inline void init_llist_head(struct llist_head *list)
 | |
| {
 | |
| 	list->first = NULL;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * llist_entry - get the struct of this entry
 | |
|  * @ptr:	the &struct llist_node pointer.
 | |
|  * @type:	the type of the struct this is embedded in.
 | |
|  * @member:	the name of the llist_node within the struct.
 | |
|  */
 | |
| #define llist_entry(ptr, type, member)		\
 | |
| 	container_of(ptr, type, member)
 | |
| 
 | |
| /**
 | |
|  * llist_for_each - iterate over some deleted entries of a lock-less list
 | |
|  * @pos:	the &struct llist_node to use as a loop cursor
 | |
|  * @node:	the first entry of deleted list entries
 | |
|  *
 | |
|  * In general, some entries of the lock-less list can be traversed
 | |
|  * safely only after being deleted from list, so start with an entry
 | |
|  * instead of list head.
 | |
|  *
 | |
|  * If being used on entries deleted from lock-less list directly, the
 | |
|  * traverse order is from the newest to the oldest added entry.  If
 | |
|  * you want to traverse from the oldest to the newest, you must
 | |
|  * reverse the order by yourself before traversing.
 | |
|  */
 | |
| #define llist_for_each(pos, node)			\
 | |
| 	for ((pos) = (node); pos; (pos) = (pos)->next)
 | |
| 
 | |
| /**
 | |
|  * llist_for_each_entry - iterate over some deleted entries of lock-less list of given type
 | |
|  * @pos:	the type * to use as a loop cursor.
 | |
|  * @node:	the fist entry of deleted list entries.
 | |
|  * @member:	the name of the llist_node with the struct.
 | |
|  *
 | |
|  * In general, some entries of the lock-less list can be traversed
 | |
|  * safely only after being removed from list, so start with an entry
 | |
|  * instead of list head.
 | |
|  *
 | |
|  * If being used on entries deleted from lock-less list directly, the
 | |
|  * traverse order is from the newest to the oldest added entry.  If
 | |
|  * you want to traverse from the oldest to the newest, you must
 | |
|  * reverse the order by yourself before traversing.
 | |
|  */
 | |
| #define llist_for_each_entry(pos, node, member)				\
 | |
| 	for ((pos) = llist_entry((node), typeof(*(pos)), member);	\
 | |
| 	     &(pos)->member != NULL;					\
 | |
| 	     (pos) = llist_entry((pos)->member.next, typeof(*(pos)), member))
 | |
| 
 | |
| /**
 | |
|  * llist_empty - tests whether a lock-less list is empty
 | |
|  * @head:	the list to test
 | |
|  *
 | |
|  * Not guaranteed to be accurate or up to date.  Just a quick way to
 | |
|  * test whether the list is empty without deleting something from the
 | |
|  * list.
 | |
|  */
 | |
| static inline bool llist_empty(const struct llist_head *head)
 | |
| {
 | |
| 	return ACCESS_ONCE(head->first) == NULL;
 | |
| }
 | |
| 
 | |
| static inline struct llist_node *llist_next(struct llist_node *node)
 | |
| {
 | |
| 	return node->next;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * llist_add - add a new entry
 | |
|  * @new:	new entry to be added
 | |
|  * @head:	the head for your lock-less list
 | |
|  *
 | |
|  * Returns true if the list was empty prior to adding this entry.
 | |
|  */
 | |
| static inline bool llist_add(struct llist_node *new, struct llist_head *head)
 | |
| {
 | |
| 	struct llist_node *entry, *old_entry;
 | |
| 
 | |
| 	entry = head->first;
 | |
| 	for (;;) {
 | |
| 		old_entry = entry;
 | |
| 		new->next = entry;
 | |
| 		entry = cmpxchg(&head->first, old_entry, new);
 | |
| 		if (entry == old_entry)
 | |
| 			break;
 | |
| 	}
 | |
| 
 | |
| 	return old_entry == NULL;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * llist_del_all - delete all entries from lock-less list
 | |
|  * @head:	the head of lock-less list to delete all entries
 | |
|  *
 | |
|  * If list is empty, return NULL, otherwise, delete all entries and
 | |
|  * return the pointer to the first entry.  The order of entries
 | |
|  * deleted is from the newest to the oldest added one.
 | |
|  */
 | |
| static inline struct llist_node *llist_del_all(struct llist_head *head)
 | |
| {
 | |
| 	return xchg(&head->first, NULL);
 | |
| }
 | |
| 
 | |
| extern bool llist_add_batch(struct llist_node *new_first,
 | |
| 			    struct llist_node *new_last,
 | |
| 			    struct llist_head *head);
 | |
| extern struct llist_node *llist_del_first(struct llist_head *head);
 | |
| 
 | |
| #endif /* LLIST_H */
 |