Btrfs: ulist realloc bugfix ulist_next gets the pointer to the previously returned element to find the next element from there. However, when we call ulist_add while iteration with ulist_next is in progress (ulist explicitly supports this), we can realloc the ulist internal memory, which makes the pointer to the previous element useless. Instead, we now use an iterator parameter that's independent from the internal pointers. Reported-by: Alexander Block <ablock84@googlemail.com> Signed-off-by: Jan Schmidt <list.btrfs@jan-o-sch.net>

commit: cd1b413c5c863a96bfdeab8e91b1fb3a52665e42 [log] [tgz]
author: Jan Schmidt <list.btrfs@jan-o-sch.net> Tue May 22 14:56:50 2012 +0200
committer: Jan Schmidt <list.btrfs@jan-o-sch.net> Sat May 26 12:17:49 2012 +0200
tree: a433c13c530c487f2d7e209402ef72ec67e48647
parent: b9fab919b748c7b39c19ff236ed6c5682c266dde [diff] [blame]
diff --git a/fs/btrfs/ulist.h b/fs/btrfs/ulist.h
index 2e25dec..62d2574 100644
--- a/fs/btrfs/ulist.h
+++ b/fs/btrfs/ulist.h

@@ -24,6 +24,10 @@
  */
 #define ULIST_SIZE 16
 
+struct ulist_iterator {
+	int i;
+};
+
 /*
  * element of the list
  */
@@ -63,6 +67,9 @@
 void ulist_free(struct ulist *ulist);
 int ulist_add(struct ulist *ulist, u64 val, unsigned long aux,
 	      unsigned long gfp_mask);
-struct ulist_node *ulist_next(struct ulist *ulist, struct ulist_node *prev);
+struct ulist_node *ulist_next(struct ulist *ulist,
+			      struct ulist_iterator *uiter);
+
+#define ULIST_ITER_INIT(uiter) ((uiter)->i = 0)
 
 #endif
commit	cd1b413c5c863a96bfdeab8e91b1fb3a52665e42	[log] [tgz]
author	Jan Schmidt <list.btrfs@jan-o-sch.net>	Tue May 22 14:56:50 2012 +0200
committer	Jan Schmidt <list.btrfs@jan-o-sch.net>	Sat May 26 12:17:49 2012 +0200
tree	a433c13c530c487f2d7e209402ef72ec67e48647
parent	b9fab919b748c7b39c19ff236ed6c5682c266dde [diff] [blame]