From: Rodolfo Giometti <giometti@enneenne.com>
To: Roland Dreier <rdreier@cisco.com>
Cc: Dave Jones <davej@redhat.com>,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH] LinuxPPS - PPS support for Linux
Date: Wed, 24 Oct 2007 09:00:31 +0200 [thread overview]
Message-ID: <20071024070030.GR9748@enneenne.com> (raw)
In-Reply-To: <adasl414jzw.fsf@cisco.com>
On Tue, Oct 23, 2007 at 02:08:19PM -0700, Roland Dreier wrote:
> A few comments:
>
> > + dev_err(port->dev, "PPS support disabled due port \"%s\" is "
> > + "in polling mode\n",
>
> I think "because" instead of "due" is closer to standard English.
Fixed.
> > + printk(KERN_ERR "pps: %s: too much PPS sources in the system\n",
> > + info->name);
>
> Similarly should be "many" instead of "much".
Fixed.
> > + /* Get new ID for the new PPS source */
> > + if (idr_pre_get(&pps_idr, GFP_KERNEL) == 0) {
> > + err = -ENOMEM;
> > + goto kfree_pps;
> > + }
> > +
> > + spin_lock_irq(&idr_lock);
> > + err = idr_get_new(&pps_idr, pps, &id);
> > + spin_unlock_irq(&idr_lock);
> > +
> > + if (err < 0)
> > + goto kfree_pps;
>
> You usually can handle idr_get_new() returning -EAGAIN by jumping back
> to the idr_pre_get(), to handle someone else coming in and stealing
> the memory you just preallocated. In this case it may not matter
> since it's pretty unlikely that a lot of contexts are using the idr at
> the same time. But anyway...
I don't understand what you mean. Can you please submit an example
code?
> > +void pps_unregister_source(int source)
> > ...
> > + wait_event(pps->usage_queue, atomic_read(&pps->usage) == 0);
> > +
> > + pps_sysfs_remove_source_entry(pps);
> > + pps_unregister_cdev(pps);
> > + kfree(pps);
>
> This reference counting looks dubious to me... later on in the code
> you have:
>
> > +static int pps_cdev_open(struct inode *inode, struct file *file)
> > +{
> > + struct pps_device *pps = container_of(inode->i_cdev,
> > + struct pps_device, cdev);
> > +
> > + /* Lock the PPS source against (possible) deregistration */
> > + atomic_inc(&pps->usage);
>
> with no locking, so I see no reason why the atomic_inc() couldn't
> happen right after the wait_event() sees a count of 0 and lets the
> deregistration continue. Which would lead to use-after-free.
Mmm... you are right... can you please suggest to me how can I easily
fix this problem?
Ciao,
Rodolfo
--
GNU/Linux Solutions e-mail: giometti@enneenne.com
Linux Device Driver giometti@gnudd.com
Embedded Systems giometti@linux.it
UNIX programming phone: +39 349 2432127
next prev parent reply other threads:[~2007-10-24 6:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-23 18:04 [PATCH] LinuxPPS - PPS support for Linux Rodolfo Giometti
2007-10-23 20:17 ` Dave Jones
2007-10-23 20:35 ` Rodolfo Giometti
2007-10-23 20:55 ` Rodolfo Giometti
2007-10-23 21:08 ` Roland Dreier
2007-10-24 7:00 ` Rodolfo Giometti [this message]
2007-10-25 8:39 ` Rodolfo Giometti
2007-10-25 20:32 ` Rodolfo Giometti
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071024070030.GR9748@enneenne.com \
--to=giometti@enneenne.com \
--cc=akpm@linux-foundation.org \
--cc=davej@redhat.com \
--cc=dwmw2@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rdreier@cisco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.