From: Corey Minyard <minyard@acm.org>
To: wu000273@umn.edu
Cc: kjlu@umn.edu, Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
openipmi-developer@lists.sourceforge.net,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ipmi: code cleanup and prevent potential issue.
Date: Tue, 9 Jun 2020 07:18:16 -0500 [thread overview]
Message-ID: <20200609121816.GS2880@minyard.net> (raw)
In-Reply-To: <20200609060410.29700-1-wu000273@umn.edu>
On Tue, Jun 09, 2020 at 01:04:10AM -0500, wu000273@umn.edu wrote:
> From: Qiushi Wu <wu000273@umn.edu>
>
> All the previous get/put operations against intf->refcount are
> inside the mutex. Thus, put the last kref_put() also inside mutex
> to make sure get/put functions execute in order and prevent the
> potential race condition.
No, this can result in a crash. intf and intf->bmc_reg_mutex will
be freed by intf_free. In fact, every call to kref_put() on intf
better be outside any mutex/lock in intf. If you saw any, that
is a bug, please report that. kref_get() is fine inside the
mutex.
Plus, this is not a race condition. get/put is atomic.
-corey
>
> Signed-off-by: Qiushi Wu <wu000273@umn.edu>
> ---
> drivers/char/ipmi/ipmi_msghandler.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
> index e1b22fe0916c..d34343e34272 100644
> --- a/drivers/char/ipmi/ipmi_msghandler.c
> +++ b/drivers/char/ipmi/ipmi_msghandler.c
> @@ -2583,10 +2583,11 @@ static int __bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc,
> *guid = bmc->guid;
> }
>
> + kref_put(&intf->refcount, intf_free);
> +
> mutex_unlock(&bmc->dyn_mutex);
> mutex_unlock(&intf->bmc_reg_mutex);
>
> - kref_put(&intf->refcount, intf_free);
> return rv;
> }
>
> --
> 2.17.1
>
prev parent reply other threads:[~2020-06-09 12:18 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-09 6:04 [PATCH] ipmi: code cleanup and prevent potential issue wu000273
2020-06-09 12:18 ` Corey Minyard [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200609121816.GS2880@minyard.net \
--to=minyard@acm.org \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=kjlu@umn.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=openipmi-developer@lists.sourceforge.net \
--cc=wu000273@umn.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.