[PATCH] fix klist semantics for lists which have elements removed on traversal

The problem is that klists claim to provide semantics for safe traversal of
lists which are being modified.  The failure case is when traversal of a
list causes element removal (a fairly common case).  The issue is that
although the list node is refcounted, if it is embedded in an object (which
is universally the case), then the object will be freed regardless of the
klist refcount leading to slab corruption because the klist iterator refers
to the prior element to get the next.

The solution is to make the klist take and release references to the
embedding object meaning that the embedding object won't be released until
the list relinquishes the reference to it.

(akpm: fast-track this because it's needed for the 2.6.13 scsi merge)

Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/drivers/base/bus.c b/drivers/base/bus.c
index 17e9669..03204bf 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
@@ -568,6 +568,36 @@
 	}
 }
 
+static void klist_devices_get(struct klist_node *n)
+{
+	struct device *dev = container_of(n, struct device, knode_bus);
+
+	get_device(dev);
+}
+
+static void klist_devices_put(struct klist_node *n)
+{
+	struct device *dev = container_of(n, struct device, knode_bus);
+
+	put_device(dev);
+}
+
+static void klist_drivers_get(struct klist_node *n)
+{
+	struct device_driver *drv = container_of(n, struct device_driver,
+						 knode_bus);
+
+	get_driver(drv);
+}
+
+static void klist_drivers_put(struct klist_node *n)
+{
+	struct device_driver *drv = container_of(n, struct device_driver,
+						 knode_bus);
+
+	put_driver(drv);
+}
+
 /**
  *	bus_register - register a bus with the system.
  *	@bus:	bus.
@@ -602,8 +632,8 @@
 	if (retval)
 		goto bus_drivers_fail;
 
-	klist_init(&bus->klist_devices);
-	klist_init(&bus->klist_drivers);
+	klist_init(&bus->klist_devices, klist_devices_get, klist_devices_put);
+	klist_init(&bus->klist_drivers, klist_drivers_get, klist_drivers_put);
 	bus_add_attrs(bus);
 
 	pr_debug("bus type '%s' registered\n", bus->name);