[patch] broken kref-counting in find functions.

From: Martin Schwidefsky
Date: Thu Nov 24 2005 - 09:52:14 EST

Next message: Andi Kleen: "Re: [patch] SMP alternatives"
Previous message: Oleg Nesterov: "[PATCH 2/2] PF_DEAD: kill it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Frank Pavlic <pavlic@xxxxxxxxxx>

[patch] broken kref-counting in find functions.

The klist reference counting in the find functions that use
klist_iter_init_node is broken. If the function (for example
driver_find_device) is called with a NULL start object then
everything is fine, the first call to next_device()/klist_next
increases the ref-count of the first node on the list and does
nothing for the start object which is NULL.
If they are called with a valid start object then klist_next
will decrement the ref-count for the start object but nobody
has incremented it. Logical place to fix this would be
klist_iter_init_node because the function puts a reference
of the object into the klist_iter struct.

Signed-off-by: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>
Signed-off-by: Frank Pavlic <pavlic@xxxxxxxxxx>

---

diff -urpN linux-2.6/lib/klist.c linux-2.6-patched/lib/klist.c
--- linux-2.6/lib/klist.c 2005-10-28 02:02:08.000000000 +0200
+++ linux-2.6-patched/lib/klist.c 2005-11-23 18:33:34.000000000 +0100
@@ -199,6 +199,8 @@ void klist_iter_init_node(struct klist *
i->i_klist = k;
i->i_head = &k->k_list;
i->i_cur = n;
+ if (n)
+ kref_get(&n->n_ref);
}

EXPORT_SYMBOL_GPL(klist_iter_init_node);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [patch] SMP alternatives"
Previous message: Oleg Nesterov: "[PATCH 2/2] PF_DEAD: kill it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]