On 2017/9/26 下午12:38, Michael Lyle wrote: > I believe this introduces a critical bug. > > cl->list is used to link together the llists for both things waiting, > and for things that are being woken. > > If a closure that is woken decides to wait again, it will corrupt the > llist that __closure_wake_up is using. > > The previous iteration structure gets the next element of the list > before waking and is therefore safe. > Hi Mike, Good catch! I see llist_del_all() but forget cl->list can be modified in closure_wait(). Yes there is potential chance to mislead llist_for_each_entry() to iterate wrong list. llist_for_each_entry_safe() should be used here. I will send a fix to Jens, hope to catch up 4.14 still. Thanks! -- Coly Li
