On Mon, Jan 21, 2013 at 09:39:43AM +0900, Namjae Jeon wrote: > 2013/1/21, Dan Carpenter <dan.carpen...@oracle.com>: > > This is calling list_del() inside a loop which is a problem when we try > > move to the next item on the list. I've converted it to use the _safe > > version. And also, as a cleanup, I've converted it to use > > list_for_each_entry instead of list_for_each. > > > Hi Dan. > I can't understand why this patch is needed yet. > Could you elaborate more ? >
In this case "this", "entry" and "&entry->list" are all the same pointer, but just casted differently. The call to list_del() sets "&entry->list->next = LIST_POISON1;". On the next iteration "entry" now points to LIST_POISON1 so the iput(entry->inode); will cause an Oops. This was a static checker patch and I didn't test it, but I would have expected that it would be easy to trigger... regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
