The klist reference counting in the find functions that use klist_iter_init_node is broken. If the function (for example driver_find_device) is called with a NULL start object then everything is fine, the first call to next_device()/klist_next increases the ref-count of the first node on the list and does nothing for the start object which is NULL. If they are called with a valid start object then klist_next will decrement the ref-count for the start object but nobody has incremented it. Logical place to fix this would be klist_iter_init_node because the function puts a reference of the object into the klist_iter struct. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Frank Pavlic <pavlic@de.ibm.com> Cc: Patrick Mochel <mochel@digitalimplant.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
diff --git a/lib/klist.c b/lib/klist.c
index bb2f3551d50a..9c94f0b163a1 100644
--- a/lib/klist.c
+++ b/lib/klist.c
@@ -199,6 +199,8 @@ void klist_iter_init_node(struct klist * k, struct klist_iter * i, struct klist_
i->i_klist = k;
i->i_head = &k->k_list;
i->i_cur = n;
+ if (n)
+ kref_get(&n->n_ref);

