On 26/04/17 07:53, Tomasz Nowicki wrote: >> + mutex_lock(&device->tasks_lock); >> + list_for_each_entry(vfio_task, &device->tasks, list) { >> + if (vfio_task->pasid != svm.pasid) >> + continue; >> + >> + ret = iommu_unbind_task(device->dev, svm.pasid, flags); >> + if (ret) >> + dev_warn(device->dev, "failed to unbind PASID %u\n", >> + vfio_task->pasid); >> + >> + list_del(&vfio_task->list); >> + kfree(vfio_task); > > Please use list_for_each_entry_safe. There is: + break; right after kfree, so we'd never follow vfio_task->list.next after freeing vfio_task. The code searches for the _only_ task matching the PASID, removes it and leaves the loop. Thanks, Jean-Philippe
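Review bot: in the quoted hunk, when iommu_unbind_task() fails the code only emits dev_warn() and then goes on to list_del() and kfree() the vfio_task anyway, so the tracking entry is dropped even though the PASID may still be bound on the IOMMU side. Either keep the entry on device->tasks and return ret to the caller, or add a comment explaining why freeing the entry after a failed unbind is safe. Including ret in the warning would also help diagnosis. Separately, since list_del() and kfree() sit inside a plain list_for_each_entry() and are only safe because of the break that follows, a one-line comment stating that at most one task matches the PASID and the loop exits after removal would keep a later edit from dropping the break and walking a freed node.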