block: fix deadlock in blk_abort_queue() for drivers that readd to timeout list
Hannes Reinecke [Wed, 18 Feb 2009 09:30:15 +0000 (10:30 +0100)]
blk_abort_queue() iterates the timeout list and aborts each request on the
list, but if the driver error handling readds a request to the timeout list
during this processing, we could be looping forever. Fix this by splicing
current entries to a local list and run over that list instead.

Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

block/blk-timeout.c

index a095353..bbbdc4b 100644 (file)
@@ -209,12 +209,19 @@ void blk_abort_queue(struct request_queue *q)
 {
        unsigned long flags;
        struct request *rq, *tmp;
+       LIST_HEAD(list);
 
        spin_lock_irqsave(q->queue_lock, flags);
 
        elv_abort_queue(q);
 
-       list_for_each_entry_safe(rq, tmp, &q->timeout_list, timeout_list)
+       /*
+        * Splice entries to local list, to avoid deadlocking if entries
+        * get readded to the timeout list by error handling
+        */
+       list_splice_init(&q->timeout_list, &list);
+
+       list_for_each_entry_safe(rq, tmp, &list, timeout_list)
                blk_abort_request(rq);
 
        spin_unlock_irqrestore(q->queue_lock, flags);