The document is /Documentation/kerf.txt, and I'm referring to v3.12:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/kref.txt?id=v3.12
Part of the first example in the document is attached below.
In my_data_handler(), kref_init() already put 1 to refcount, and kref_get()
next made the refcount 2. But if kthread_run() fails, only one kref_put()
will
take place (right after the out tag), it renders the refcount to be 1 at
last,
and the data will never be freed.
int my_data_handler(void)
{
int rv = 0;
struct my_data *data;
struct task_struct *task;
data = kmalloc(sizeof(*data), GFP_KERNEL);
if (!data)
return -ENOMEM;
kref_init(&data->refcount);
kref_get(&data->refcount);
task = kthread_run(more_data_handling, data, "more_data_handling");
if (task == ERR_PTR(-ENOMEM)) {
rv = -ENOMEM;
goto out;
}
.
. do stuff with data here
.
out:
kref_put(&data->refcount, data_release);
return rv;
}
I also noticed that there once was a kref_put() before "goto out" in the doc
before some point of 2009, but it was removed by a patch that claimed that
this
kref_put() was redudent.
The patch commit is:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/Documentation/kref.txt?id=8f1ecc9fbc5b223e4f5d5bb8bcd6f5672c4bc4b6
Is this a bug or maybe I missed something?
Licheng
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
