From: Hans de Goede <j.w.r.degoede@hhs.nl>
To: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Cc: Hans Verkuil <hverkuil@xs4all.nl>,
Linux and Kernel Video <video4linux-list@redhat.com>,
Hans de Goede <j.w.r.degoede@hhs.nl>
Subject: Re: fs/char_dev.c memory leak (broken reference counting)
Date: Wed, 23 Jul 2008 11:15:43 +0200 [thread overview]
Message-ID: <4886F6BF.6070900@hhs.nl> (raw)
In-Reply-To: <4886F47A.3090102@hhs.nl>
Hans de Goede wrote:
<snip>
> And here is the problem when the fd refering to the character device
> gets closed, no-one does a kobj_put. chrdev_open replace the file's f_op
> pointer with the device driver fops, so the only fops release which will
> get called is that of the device driver, cdev_put (which will call
> kobj_put on the kobj) is exported, so device driver release methods
> could and I guess should call cdev_put, but under drivers/char there is
> not a single driver calling cdev_put !!
>
> So unless I'm missing something the kojb release callback never gets
> called.
>
Never mind, I just found out that cdev_put gets called from __fput() in
fs/file_table.c, thats somewhat convoluted if I may say so, I think atleast a
comment in char_dev.c explaining this would be in order.
So that only leaves this part of my mail:
> ###
>
> While on this topic in case of an usb device whose driver exports an
> chardev to userspace, the device can be disconnected while the chardev
> is still open. Currently usb-chardev drivers need to do their own
> reference counting in their open / release fops to make sure their
> device structure stays around until the last user has closed the device.
>
> The reference counting in cdev is almost an
> exact duplicate of the ref counting done in the device driver, thus I
> would like to propose to add a release function ptr to the cdev struct
> which if not NULL gets called from the cdev kobj release handler, then
> then device driver no longer has to duplicate the ref counting.
>
> This esp seems to make sense in cases where the device driver uses
> cdev_init, as then the cdev structure could currently be freed by the
> device driver (in case of hot unplug) without it knowing for sure that
> there are no more users of the cdev structure. For example even when the
> device driver does its own ref counting in the open / release fops,
> there could still be some users in the form of open cdev sysfs files.
>
I would still very much like to see this release callback get added, if there
are no objections I'll do a patch for this.
Regards,
Hans
p.s.
Please keep me in the CC, I'm not subscribed to the kernel mailinglist.
WARNING: multiple messages have this Message-ID (diff)
From: Hans de Goede <j.w.r.degoede@hhs.nl>
To: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Cc: Linux and Kernel Video <video4linux-list@redhat.com>
Subject: Re: fs/char_dev.c memory leak (broken reference counting)
Date: Wed, 23 Jul 2008 11:15:43 +0200 [thread overview]
Message-ID: <4886F6BF.6070900@hhs.nl> (raw)
In-Reply-To: <4886F47A.3090102@hhs.nl>
Hans de Goede wrote:
<snip>
> And here is the problem when the fd refering to the character device
> gets closed, no-one does a kobj_put. chrdev_open replace the file's f_op
> pointer with the device driver fops, so the only fops release which will
> get called is that of the device driver, cdev_put (which will call
> kobj_put on the kobj) is exported, so device driver release methods
> could and I guess should call cdev_put, but under drivers/char there is
> not a single driver calling cdev_put !!
>
> So unless I'm missing something the kojb release callback never gets
> called.
>
Never mind, I just found out that cdev_put gets called from __fput() in
fs/file_table.c, thats somewhat convoluted if I may say so, I think atleast a
comment in char_dev.c explaining this would be in order.
So that only leaves this part of my mail:
> ###
>
> While on this topic in case of an usb device whose driver exports an
> chardev to userspace, the device can be disconnected while the chardev
> is still open. Currently usb-chardev drivers need to do their own
> reference counting in their open / release fops to make sure their
> device structure stays around until the last user has closed the device.
>
> The reference counting in cdev is almost an
> exact duplicate of the ref counting done in the device driver, thus I
> would like to propose to add a release function ptr to the cdev struct
> which if not NULL gets called from the cdev kobj release handler, then
> then device driver no longer has to duplicate the ref counting.
>
> This esp seems to make sense in cases where the device driver uses
> cdev_init, as then the cdev structure could currently be freed by the
> device driver (in case of hot unplug) without it knowing for sure that
> there are no more users of the cdev structure. For example even when the
> device driver does its own ref counting in the open / release fops,
> there could still be some users in the form of open cdev sysfs files.
>
I would still very much like to see this release callback get added, if there
are no objections I'll do a patch for this.
Regards,
Hans
p.s.
Please keep me in the CC, I'm not subscribed to the kernel mailinglist.
--
video4linux-list mailing list
Unsubscribe mailto:video4linux-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/video4linux-list
next prev parent reply other threads:[~2008-07-23 9:07 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-23 9:06 fs/char_dev.c memory leak (broken reference counting) Hans de Goede
2008-07-23 9:06 ` Hans de Goede
2008-07-23 9:15 ` Hans de Goede [this message]
2008-07-23 9:15 ` Hans de Goede
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4886F6BF.6070900@hhs.nl \
--to=j.w.r.degoede@hhs.nl \
--cc=hverkuil@xs4all.nl \
--cc=linux-kernel@vger.kernel.org \
--cc=video4linux-list@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.