2003-09-29 17:40:28

by Domen Puncer

[permalink] [raw]
Subject: replicator.c - bug in izo_rep_cache_clean()?

Hi.

Another repost after more than a month, since this bug is still in kernel tree.
Now CC-ing lkml, folks at intermezzo ml don't care?

I've been doing some janitor work and came across this:


On Saturday 12 of July 2003 18:07, Matthew Wilcox wrote:
> On Sat, Jul 12, 2003 at 05:22:55PM +0200, Domen Puncer wrote:
> > ---
> > fs/intermezzo/replicator.c:83: //izo_rep_cache_clean()
> > tmp = bucket = &fset->fset_clients[i];
> >
> > tmp = tmp->next;
> > while (tmp != bucket) {
> > struct izo_offset_rec *offrec;
> > tmp = tmp->next;
> > list_del(tmp);
> > offrec = list_entry(tmp, struct izo_offset_rec,
> > or_list);
> > PRESTO_FREE(offrec, sizeof(struct
> > izo_offset_rec)); }
> >
> > This code just doesn't look right.
> > We delete tmp (tmp->next = LIST_POISON1)... next time we'll
> > list_del(LIST_POISON1)!!
> > We also do not delete first entry in the list
> > &fset->fset_clients[i]->next.
>
> Yup, looks like a bug. I bet they meant to list_del(&tmp->prev).

I guess it could be written like this:
list_for_each_save(tmp, next, bucket) {
struct izo_offset_rec *offrec;
list_del(tmp);
...


Domen