On (21/03/22 07:02), Al Viro wrote:
> On Mon, Mar 22, 2021 at 02:13:42PM +0900, Namjae Jeon wrote:
> > +static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft,
> > +                                       unsigned int id)
> > +{
> > +   bool unclaimed = true;
> > +   struct ksmbd_file *fp;
> > +
> > +   read_lock(&ft->lock);
> > +   fp = idr_find(ft->idr, id);
> > +   if (fp)
> > +           fp = ksmbd_fp_get(fp);
> > +
> > +   if (fp && fp->f_ci) {
> > +           read_lock(&fp->f_ci->m_lock);
> > +           unclaimed = list_empty(&fp->node);
> > +           read_unlock(&fp->f_ci->m_lock);
> > +   }
> > +   read_unlock(&ft->lock);
> > +
> > +   if (fp && unclaimed) {
> > +           atomic_dec(&fp->refcount);
> > +           return NULL;
> > +   }
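
Review bot: the bare atomic_dec(&fp->refcount) on the unclaimed path runs after read_unlock(&ft->lock) and ignores the case where it brings the count to zero, so if the other holders drop their references in between, nothing releases fp. Either use a decrement-and-test that runs the release path when the count reaches zero, or test list_empty(&fp->node) before calling ksmbd_fp_get(), so that no reference is taken for an unclaimed fp and there is nothing to undo.
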
>
> Can that atomic_dec() end up dropping the last remaining reference?

Yes, I think it should increment refcount only for "claimed" fp.
