PCI: Fix reference counting bug

pci_get_subsys() will decrement the reference count of the device that
it starts searching from.  Unfortunately, the pci_find_device() interface
will already have decremented the reference count of the device earlier,
so the device will end up losing all reference counts and be freed.

We can fix this by incrementing the reference count of the device to
start searching from before calling pci_get_subsys().

Signed-off-by: Matthew Wilcox <willy@linux.intel.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>

diff --git a/drivers/pci/search.c b/drivers/pci/search.c
index 4edfc4731bd4296f3b33081d2f9f66946f1f231f..5af8bd5381497656291ec61de58e678e8b874dd6 100644 (file)
--- a/drivers/pci/search.c
+++ b/drivers/pci/search.c
@@ -166,6 +166,7 @@ struct pci_dev *pci_find_device(unsigned int vendor, unsigned int device,
 {
        struct pci_dev *pdev;
 
+       pci_dev_get(from);
        pdev = pci_get_subsys(vendor, device, PCI_ANY_ID, PCI_ANY_ID, from);
        pci_dev_put(pdev);
        return pdev;
@@ -270,12 +271,8 @@ static struct pci_dev *pci_get_dev_by_id(const struct pci_device_id *id,
        struct pci_dev *pdev = NULL;
 
        WARN_ON(in_interrupt());
-       if (from) {
-               /* FIXME
-                * take the cast off, when bus_find_device is made const.
-                */
-               dev_start = (struct device *)&from->dev;
-       }
+       if (from)
+               dev_start = &from->dev;
        dev = bus_find_device(&pci_bus_type, dev_start, (void *)id,
                              match_pci_dev_by_id);
        if (dev)