Ref-count problem in kset_find_obj?

From: Martin Schwidefsky
Date: Wed Oct 29 2003 - 07:42:33 EST

Next message: Meelis Roos: "Re: PCI Bus error 6290 or 0290"
Previous message: Stefan Talpalaru: "PATCH: CMD640 IDE chipset"
Next in thread: Patrick Mochel: "Re: Ref-count problem in kset_find_obj?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Pat,
looking through the sysfs code I noticed a potential problem in
kset_find_obj:

struct kobject * kset_find_obj(struct kset * kset, const char * name)
{
struct list_head * entry;
struct kobject * ret = NULL;

down_read(&kset->subsys->rwsem);
list_for_each(entry,&kset->list) {
struct kobject * k = to_kobj(entry);
if (!strcmp(kobject_name(k),name)) {
ret = k;
break;
}
}
up_read(&kset->subsys->rwsem);
return ret;
}

The reference count of the kobject to be returned is not
increased before the semaphore is released. A kobject_del/unlink
could remove the object before the called of kset_find_obj is
able to increase the reference count. This makes kset_find_obj
more or less unusable, doesn't it?

blue skies,
Martin.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Meelis Roos: "Re: PCI Bus error 6290 or 0290"
Previous message: Stefan Talpalaru: "PATCH: CMD640 IDE chipset"
Next in thread: Patrick Mochel: "Re: Ref-count problem in kset_find_obj?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]