I've copied the function inline below, and have several questions about it.
201 static void *ipx_seq_socket_next(struct seq_file *seq, void *v,
loff_t *pos)
202 {
203 struct sock* sk, *next;
204 struct ipx_interface *i;
205 struct ipx_opt *ipxs;
206
207 ++*pos;
208 if (v == SEQ_START_TOKEN) {
209 sk = NULL;
210 i = ipx_interfaces_head();
211 if (!i)
212 goto out;
213 sk = sk_head(&i->if_sklist);
214 if (sk)
215 spin_lock_bh(&i->if_sklist_lock);
If the sklist_lock isn't already held, isn't sk_head unsafe?
216 goto out;
We goto out, who releases the lock?
217 }
218 sk = v;
219 next = sk_next(sk);
220 if (next) {
221 sk = next;
222 goto out;
223 }
224 ipxs = ipx_sk(sk);
225 i = ipxs->intrfc;
226 spin_unlock_bh(&i->if_sklist_lock);
How was this lock acquired?
227 sk = NULL;
228 for (;;) {
229 i = ipx_interfaces_next(i);
230 if (!i)
231 break;
232 spin_lock_bh(&i->if_sklist_lock);
233 if (!hlist_empty(&i->if_sklist)) {
234 sk = sk_head(&i->if_sklist);
235 break;
236 }
237 spin_unlock_bh(&i->if_sklist_lock);
238 }
239 out:
240 return sk;
241 }
--
Ted Unangst www.coverity.com Coverity, Inc.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
