From 28afea5b2ffaa48f4f43d22ae8edcc384c05df80 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Tue, 19 May 2009 08:25:48 +0200 Subject: [PATCH 1/3] xen/blkfront: allow xenbus state transition to Closing->Closed when not Connected This situation can occur when attempting to attach a block device whose backend is an empty physical CD-ROM driver. The backend in this case will go directly from the Initialising state to Closing->Closed. Previously this would result in a NULL pointer deref on info->gd (xenbus_dev_fatal does not return as a1a15ac5 seems to expect) Cc: stable@kernel.org Signed-off-by: Ian Campbell Acked-by: Jeremy Fitzhardinge Signed-off-by: Jens Axboe --- drivers/block/xen-blkfront.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c index 8f905089b72b..6971a12e8b9b 100644 --- a/drivers/block/xen-blkfront.c +++ b/drivers/block/xen-blkfront.c @@ -977,8 +977,10 @@ static void backend_changed(struct xenbus_device *dev, break; case XenbusStateClosing: - if (info->gd == NULL) - xenbus_dev_fatal(dev, -ENODEV, "gd is NULL"); + if (info->gd == NULL) { + xenbus_frontend_closed(dev); + break; + } bd = bdget_disk(info->gd, 0); if (bd == NULL) xenbus_dev_fatal(dev, -ENODEV, "bdget failed"); From 31a14400e8f365e5d4d1a0b2a1ef4d5405d6091e Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Tue, 19 May 2009 08:27:42 +0200 Subject: [PATCH 2/3] xen/blkfront: fix warning when deleting gendisk on unplug/shutdown Currently blkfront gives a warning when hot unplugging due to calling del_gendisk() with interrupts disabled (due to blkif_io_lock). WARNING: at kernel/softirq.c:124 local_bh_enable+0x36/0x84() Modules linked in: xenfs xen_netfront ext3 jbd mbcache xen_blkfront Pid: 13, comm: xenwatch Not tainted 2.6.29-xs5.5.0.13 #3 Call Trace: [] warn_slowpath+0x80/0xb6 [] xen_sched_clock+0x16/0x63 [] xen_force_evtchn_callback+0xc/0x10 [] check_events+0x8/0xe [] xen_restore_fl_direct_end+0x0/0x1 [] xen_mc_flush+0x10a/0x13f [] __switch_to+0x114/0x14e [] dequeue_task+0x62/0x70 [] finish_task_switch+0x2b/0x84 [] schedule+0x66d/0x6e7 [] xen_force_evtchn_callback+0xc/0x10 [] xen_force_evtchn_callback+0xc/0x10 [] local_bh_enable+0x36/0x84 [] sk_filter+0x57/0x5c [] netlink_broadcast+0x1d5/0x315 [] kobject_uevent_env+0x28d/0x331 [] device_del+0x10f/0x120 [] device_unregister+0x8/0x10 [] bdi_unregister+0x2d/0x39 [] unlink_gendisk+0x23/0x3e [] del_gendisk+0x7b/0xe7 [] blkfront_closing+0x28/0x6e [xen_blkfront] [] backend_changed+0x3ad/0x41d [xen_blkfront] We can fix this by calling del_gendisk() later in blkfront_closing, after releasing blkif_io_lock. Since the queue is stopped during the interrupts disabled phase I don't think there is any danger of an event occuring between releasing the blkif_io_lock and deleting the disk. Signed-off-by: Ian Campbell Cc: Jeremy Fitzhardinge Signed-off-by: Jens Axboe --- drivers/block/xen-blkfront.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c index 6971a12e8b9b..a6cbf7b808e6 100644 --- a/drivers/block/xen-blkfront.c +++ b/drivers/block/xen-blkfront.c @@ -934,8 +934,6 @@ static void blkfront_closing(struct xenbus_device *dev) spin_lock_irqsave(&blkif_io_lock, flags); - del_gendisk(info->gd); - /* No more blkif_request(). */ blk_stop_queue(info->rq); @@ -949,6 +947,8 @@ static void blkfront_closing(struct xenbus_device *dev) blk_cleanup_queue(info->rq); info->rq = NULL; + del_gendisk(info->gd); + out: xenbus_frontend_closed(dev); } From d3375ea7213d09284ee3683d8bc075b9d3786a03 Mon Sep 17 00:00:00 2001 From: Roel Kluin Date: Wed, 20 May 2009 08:42:06 +0200 Subject: [PATCH 3/3] cdrom: beyond ARRAY_SIZE of viocd_diskinfo Do not go beyond ARRAY_SIZE of viocd_diskinfo Signed-off-by: Roel Kluin Signed-off-by: Jens Axboe --- drivers/cdrom/viocd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cdrom/viocd.c b/drivers/cdrom/viocd.c index 13929356135c..9b1624e0ddeb 100644 --- a/drivers/cdrom/viocd.c +++ b/drivers/cdrom/viocd.c @@ -587,7 +587,7 @@ static int viocd_probe(struct vio_dev *vdev, const struct vio_device_id *id) struct device_node *node = vdev->dev.archdata.of_node; deviceno = vdev->unit_address; - if (deviceno > VIOCD_MAX_CD) + if (deviceno >= VIOCD_MAX_CD) return -ENODEV; if (!node) return -ENODEV;