Re: [patch] f2fs: use _safe() version of list_for_each

[Dan Carpenter]

On Mon, Jan 21, 2013 at 09:39:43AM +0900, Namjae Jeon wrote:
> 2013/1/21, Dan Carpenter <dan.carpenter@xxxxxxxxxx>:
> > This is calling list_del() inside a loop which is a problem when we try
> > move to the next item on the list.  I've converted it to use the _safe
> > version.  And also, as a cleanup, I've converted it to use
> > list_for_each_entry instead of list_for_each.
> >
> Hi Dan.
> I can't understand why this patch is needed yet.
> Could you elaborate more ?
> 

In this case "this", "entry" and "&entry->list" are all the same
pointer, but just casted differently.  The call to list_del() sets
"&entry->list->next = LIST_POISON1;".  On the next iteration "entry"
now points to LIST_POISON1 so the iput(entry->inode); will cause an
Oops.

This was a static checker patch and I didn't test it, but I would
have expected that it would be easy to trigger...

regards,
dan carpenter


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/