The klist reference counting in the find functions that use
klist_iter_init_node is broken. If the function (for example
driver_find_device) is called with a NULL start object then everything is
fine, the first call to next_device()/klist_next increases the ref-count of
the first node on the list and does nothing for the start object which is
NULL.
If they are called with a valid start object then klist_next will decrement
the ref-count for the start object but nobody has incremented it. Logical
place to fix this would be klist_iter_init_node because the function puts a
reference of the object into the klist_iter struct.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Frank Pavlic <pavlic@de.ibm.com>
Cc: Patrick Mochel <mochel@digitalimplant.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
i->i_klist = k;
i->i_head = &k->k_list;
i->i_cur = n;
+ if (n)
+ kref_get(&n->n_ref);
}
EXPORT_SYMBOL_GPL(klist_iter_init_node);