From 34bb61f9ddabd7a7f909cbfb05592eb775f6662a Mon Sep 17 00:00:00 2001 From: James Bottomley Date: Tue, 6 Sep 2005 16:56:51 -0700 Subject: [PATCH] fix klist semantics for lists which have elements removed on traversal The problem is that klists claim to provide semantics for safe traversal of lists which are being modified. The failure case is when traversal of a list causes element removal (a fairly common case). The issue is that although the list node is refcounted, if it is embedded in an object (which is universally the case), then the object will be freed regardless of the klist refcount leading to slab corruption because the klist iterator refers to the prior element to get the next. The solution is to make the klist take and release references to the embedding object meaning that the embedding object won't be released until the list relinquishes the reference to it. (akpm: fast-track this because it's needed for the 2.6.13 scsi merge) Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/base/bus.c | 34 ++++++++++++++++++++++++++++++++-- drivers/base/core.c | 17 ++++++++++++++++- drivers/base/driver.c | 15 ++++++++++++++- 3 files changed, 62 insertions(+), 4 deletions(-) (limited to 'drivers/base') diff --git a/drivers/base/bus.c b/drivers/base/bus.c index 17e96698410e..03204bfd17af 100644 --- a/drivers/base/bus.c +++ b/drivers/base/bus.c @@ -568,6 +568,36 @@ static void bus_remove_attrs(struct bus_type * bus) } } +static void klist_devices_get(struct klist_node *n) +{ + struct device *dev = container_of(n, struct device, knode_bus); + + get_device(dev); +} + +static void klist_devices_put(struct klist_node *n) +{ + struct device *dev = container_of(n, struct device, knode_bus); + + put_device(dev); +} + +static void klist_drivers_get(struct klist_node *n) +{ + struct device_driver *drv = container_of(n, struct device_driver, + knode_bus); + + get_driver(drv); +} + +static void klist_drivers_put(struct klist_node *n) +{ + struct device_driver *drv = container_of(n, struct device_driver, + knode_bus); + + put_driver(drv); +} + /** * bus_register - register a bus with the system. * @bus: bus. @@ -602,8 +632,8 @@ int bus_register(struct bus_type * bus) if (retval) goto bus_drivers_fail; - klist_init(&bus->klist_devices); - klist_init(&bus->klist_drivers); + klist_init(&bus->klist_devices, klist_devices_get, klist_devices_put); + klist_init(&bus->klist_drivers, klist_drivers_get, klist_drivers_put); bus_add_attrs(bus); pr_debug("bus type '%s' registered\n", bus->name); diff --git a/drivers/base/core.c b/drivers/base/core.c index c8a33df00761..6ab73f5c799a 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -191,6 +191,20 @@ void device_remove_file(struct device * dev, struct device_attribute * attr) } } +static void klist_children_get(struct klist_node *n) +{ + struct device *dev = container_of(n, struct device, knode_parent); + + get_device(dev); +} + +static void klist_children_put(struct klist_node *n) +{ + struct device *dev = container_of(n, struct device, knode_parent); + + put_device(dev); +} + /** * device_initialize - init device structure. @@ -207,7 +221,8 @@ void device_initialize(struct device *dev) { kobj_set_kset_s(dev, devices_subsys); kobject_init(&dev->kobj); - klist_init(&dev->klist_children); + klist_init(&dev->klist_children, klist_children_get, + klist_children_put); INIT_LIST_HEAD(&dev->dma_pools); init_MUTEX(&dev->sem); } diff --git a/drivers/base/driver.c b/drivers/base/driver.c index 291c5954a3af..ef3fe513e398 100644 --- a/drivers/base/driver.c +++ b/drivers/base/driver.c @@ -142,6 +142,19 @@ void put_driver(struct device_driver * drv) kobject_put(&drv->kobj); } +static void klist_devices_get(struct klist_node *n) +{ + struct device *dev = container_of(n, struct device, knode_driver); + + get_device(dev); +} + +static void klist_devices_put(struct klist_node *n) +{ + struct device *dev = container_of(n, struct device, knode_driver); + + put_device(dev); +} /** * driver_register - register driver with bus @@ -157,7 +170,7 @@ void put_driver(struct device_driver * drv) */ int driver_register(struct device_driver * drv) { - klist_init(&drv->klist_devices); + klist_init(&drv->klist_devices, klist_devices_get, klist_devices_put); init_completion(&drv->unloaded); return bus_add_driver(drv); } -- cgit v1.2.3