2005-11-24 14:52:41

by Martin Schwidefsky

Subject: [patch] broken kref-counting in find functions.

From: Frank Pavlic <[email protected]>

[patch] broken kref-counting in find functions.

The klist reference counting in the find functions that use
klist_iter_init_node is broken. If the function (for example
driver_find_device) is called with a NULL start object then
everything is fine: the first call to next_device()/klist_next
increases the ref-count of the first node on the list and does
nothing for the start object, which is NULL.
If they are called with a valid start object then klist_next
will decrement the ref-count for the start object, but nobody
has incremented it. The logical place to fix this would be
klist_iter_init_node, because the function puts a reference
to the object into the klist_iter struct.

Signed-off-by: Martin Schwidefsky <[email protected]>
Signed-off-by: Frank Pavlic <[email protected]>

---

diff -urpN linux-2.6/lib/klist.c linux-2.6-patched/lib/klist.c
--- linux-2.6/lib/klist.c 2005-10-28 02:02:08.000000000 +0200
+++ linux-2.6-patched/lib/klist.c 2005-11-23 18:33:34.000000000 +0100
@@ -199,6 +199,8 @@ void klist_iter_init_node(struct klist *
i->i_klist = k;
i->i_head = &k->k_list;
i->i_cur = n;
+ if (n)
+ kref_get(&n->n_ref);
}

EXPORT_SYMBOL_GPL(klist_iter_init_node);
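Review bot: the new `kref_get(&n->n_ref)` balances the put that klist_next does on the start node, but it also means the iterator now owns a reference on `i_cur` from the moment klist_iter_init_node returns; if a caller stops iterating before klist_next has advanced past the start node (or never calls klist_next at all), that reference is only released if the teardown path drops `i->i_cur`, so please confirm klist_iter_exit does that, otherwise the underflow becomes a leak. The `if (n)` guard is right, since klist_iter_init passes a NULL node through here. The kerneldoc comment above klist_iter_init_node should also be updated to say that the function takes a reference on `n` and that the iterator releases it, so callers of klist_iter_init_node know they no longer need to hold their own reference for the duration of the walk.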
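The following is an added example, not code from the patch or from lib/klist.c: a user-space model of the find-loop refcounting the commit message describes. It mirrors the three pieces involved (an init-at-node, a next that puts the previous node and gets the following one, an exit that drops whatever is still held) and runs the search once with the original behaviour and once with the patched one. The list, the node and iterator types, and the function names `find_from` and `run_find_scenario` are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Added example, not the kernel's code: a model of klist find-loop
 * refcounting. All names below are assumptions for illustration. */

struct node {
    int id;
    int ref;            /* stands in for the kref n_ref */
    int freed;          /* set when ref reaches zero (kref release) */
    struct node *next;
};

struct iter {
    struct node *cur;   /* stands in for i_cur */
};

static void node_get(struct node *n)
{
    n->ref++;
}

static void node_put(struct node *n)
{
    if (--n->ref == 0)
        n->freed = 1;   /* the real kref would free the object here */
}

/* Models klist_iter_init_node(); 'fixed' selects the patched behaviour. */
static void iter_init_node(struct iter *i, struct node *start, int fixed)
{
    i->cur = start;
    if (fixed && start)
        node_get(start);    /* the reference the iterator now owns */
}

/* Models klist_next(): take a reference on the next node, drop the one on
 * the node the iterator was sitting on. With a NULL cur it starts at head. */
static struct node *iter_next(struct iter *i, struct node *head)
{
    struct node *last = i->cur;
    struct node *next = last ? last->next : head;

    if (next)
        node_get(next);
    if (last)
        node_put(last);     /* the put that the missing get must balance */
    i->cur = next;
    return next;
}

/* Models klist_iter_exit(): release whatever the iterator still holds. */
static void iter_exit(struct iter *i)
{
    if (i->cur) {
        node_put(i->cur);
        i->cur = NULL;
    }
}

/* Models driver_find_device(): walk from 'start' (or the head if NULL) and
 * return the first node whose id matches, holding a reference for the caller. */
static struct node *find_from(struct node *head, struct node *start,
                              int want_id, int fixed)
{
    struct iter it;
    struct node *n, *found = NULL;

    iter_init_node(&it, start, fixed);
    while ((n = iter_next(&it, head)) != NULL) {
        if (n->id == want_id) {
            node_get(n);    /* caller's reference, like get_device() */
            found = n;
            break;
        }
    }
    iter_exit(&it);
    return found;
}

/* Runs the commit message's scenario on a constructed three-node list and
 * returns the refcount of the node the caller passed as start (n[1]) after
 * the caller has dropped its own reference again: 1 means balanced, 0 means
 * the object was released while still on the list. use_start == 0 searches
 * from the head with a NULL start, the case the message calls fine. */
int run_find_scenario(int fixed, int use_start)
{
    struct node n[3] = {
        { 1, 1, 0, &n[1] },     /* ref 1 is the list's own reference */
        { 2, 1, 0, &n[2] },
        { 3, 1, 0, NULL },
    };
    struct node *start = use_start ? &n[1] : NULL;
    struct node *found;

    if (start)
        node_get(start);        /* caller holds its own reference on start */
    found = find_from(&n[0], start, 3, fixed);
    if (found)
        node_put(found);        /* caller done with the result */
    if (start)
        node_put(start);        /* caller done with its start reference */
    return n[1].ref;
}

int main(void)
{
    printf("start=n[1]: unpatched ref %d, patched ref %d\n",
           run_find_scenario(0, 1), run_find_scenario(1, 1));
    printf("start=NULL: unpatched ref %d, patched ref %d\n",
           run_find_scenario(0, 0), run_find_scenario(1, 0));
    return 0;
}
```

With a valid start node the unpatched walk leaves n[1] at zero once the caller drops its own reference, which is the premature release the patch fixes; with the extra get in the init the count returns to the list's single reference, and the NULL-start search is balanced either way.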