From akpm@osdl.org Sat Nov 26 20:52:06 2005
Message-Id: <200511270448.jAR4mj6g000778@shell0.pdx.osdl.net>
From: Frank Pavlic <pavlic@de.ibm.com>
Subject: klist: Fix broken kref counting in find functions
Date: Sat, 26 Nov 2005 20:48:40 -0800

The klist reference counting in the find functions that use
klist_iter_init_node is broken.  If the function (for example
driver_find_device) is called with a NULL start object then everything is
fine, the first call to next_device()/klist_next increases the ref-count of
the first node on the list and does nothing for the start object which is
NULL.

If they are called with a valid start object then klist_next will decrement
the ref-count for the start object but nobody has incremented it.  Logical
place to fix this would be klist_iter_init_node because the function puts a
reference of the object into the klist_iter struct.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Frank Pavlic <pavlic@de.ibm.com>
Cc: Patrick Mochel <mochel@digitalimplant.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 lib/klist.c |    2 ++
 1 file changed, 2 insertions(+)

--- gregkh-2.6.orig/lib/klist.c
+++ gregkh-2.6/lib/klist.c
@@ -199,6 +199,8 @@ void klist_iter_init_node(struct klist *
 	i->i_klist = k;
 	i->i_head = &k->k_list;
 	i->i_cur = n;
+	if (n)
+		kref_get(&n->n_ref);
 }
 
 EXPORT_SYMBOL_GPL(klist_iter_init_node);