cn_queue_free_callback() will touch 'dev'(i.e. cbq->pdev),
so it should be called before atomic_dec(&dev->refcnt).
Signed-off-by: Li Zefan <[email protected]>
---
drivers/connector/cn_queue.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/connector/cn_queue.c b/drivers/connector/cn_queue.c
index 23cc87a..5732ca3 100644
--- a/drivers/connector/cn_queue.c
+++ b/drivers/connector/cn_queue.c
@@ -99,8 +99,8 @@ int cn_queue_add_callback(struct cn_queue_dev *dev, char *name, struct cb_id *id
spin_unlock_bh(&dev->queue_lock);
if (found) {
- atomic_dec(&dev->refcnt);
cn_queue_free_callback(cbq);
+ atomic_dec(&dev->refcnt);
return -EINVAL;
}
--
1.5.3.rc7
From: Li Zefan <[email protected]>
Date: Wed, 09 Jan 2008 13:44:07 +0800
>
> cn_queue_free_callback() will touch 'dev'(i.e. cbq->pdev),
> so it should be called before atomic_dec(&dev->refcnt).
>
> Signed-off-by: Li Zefan <[email protected]>
Excellent catch, patch applied.
Thanks.
On Wed, Jan 09, 2008 at 01:44:07PM +0800, Li Zefan ([email protected]) wrote:
>
> cn_queue_free_callback() will touch 'dev'(i.e. cbq->pdev),
> so it should be called before atomic_dec(&dev->refcnt).
>
> Signed-off-by: Li Zefan <[email protected]>
Thanks a lot!
--
Evgeniy Polyakov