Date: Thu, 24 Nov 2005 15:51:32 +0100
From: Martin Schwidefsky <schwidefsky@de.ibm.com>
To: akpm@osdl.org, mochel@digitalimplant.org, linux-kernel@vger.kernel.org
Subject: [patch] broken kref-counting in find functions.
Message-ID: <20051124145132.GA5057@skybase.boeblingen.de.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.11
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1472
Lines: 38

From: Frank Pavlic <pavlic@de.ibm.com>

[patch] broken kref-counting in find functions.

The klist reference counting in the find functions that use
klist_iter_init_node is broken. If the function (for example
driver_find_device) is called with a NULL start object then
everything is fine, the first call to next_device()/klist_next
increases the ref-count of the first node on the list and does
nothing for the start object which is NULL.
If they are called with a valid start object then klist_next
will decrement the ref-count for the start object but nobody
has incremented it. Logical place to fix this would be
klist_iter_init_node because the function puts a reference
of the object into the klist_iter struct.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Frank Pavlic <pavlic@de.ibm.com>

---

diff -urpN linux-2.6/lib/klist.c linux-2.6-patched/lib/klist.c
--- linux-2.6/lib/klist.c	2005-10-28 02:02:08.000000000 +0200
+++ linux-2.6-patched/lib/klist.c	2005-11-23 18:33:34.000000000 +0100
@@ -199,6 +199,8 @@ void klist_iter_init_node(struct klist *
 	i->i_klist = k;
 	i->i_head = &k->k_list;
 	i->i_cur = n;
+	if (n)
+		kref_get(&n->n_ref);
 }
 
 EXPORT_SYMBOL_GPL(klist_iter_init_node);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/