From: Peter Hurley <peter@hurleysoftware.com>
To: Gianluca Anzolin <gianluca@sottospazio.it>
Cc: gustavo@padovan.org, marcel@holtmann.org,
linux-bluetooth@vger.kernel.org, gregkh@linuxfoundation.org,
jslaby@suse.cz
Subject: Re: [PATCH v4 5/6] rfcomm: Fix the reference counting of tty_port
Date: Sat, 27 Jul 2013 08:07:05 -0400 [thread overview]
Message-ID: <51F3B7E9.2040208@hurleysoftware.com> (raw)
In-Reply-To: <20130727044809.GA22696@sottospazio.it>
On 07/27/2013 12:48 AM, Gianluca Anzolin wrote:
> On Fri, Jul 26, 2013 at 08:20:47PM -0400, Peter Hurley wrote:
>> On 07/26/2013 01:18 PM, Gianluca Anzolin wrote:
>>> @@ -614,7 +601,9 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
>>> return;
>>> }
>>>
>>> - rfcomm_dev_del(dev);
>>> + set_bit(RFCOMM_TTY_RELEASED, &dev->flags);
>>> + tty_port_put(&dev->port);
>>
>> Since this code can execute concurrently with rfcomm_release_dev(),
>> and the 'initial' port reference must only be dropped once, this should be
>>
>> if (!test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)
>> tty_port_put(&dev->port);
>>
>> Regards,
>> Peter Hurley
>
> I somehow convinced myself that it was safe but clearly it wasn't. Should I
> also change the same way the code in rfcomm_tty_hangup()?
Yes, I think that's wise. For example,
CPU 0 | CPU 1
|
rfcomm_dev_state_change |
tty_port_tty_get |
tty_hangup | rfcomm_release_dev
. | .
. | .
. | .
do_tty_hangup | .
__tty_hangup | .
rfcomm_tty_hangup | .
tty_port_hangup | .
| if (!test_and_set_bit(RFCOMM_TTY_RELEASED))
| tty_port_put
set_bit(RFCOMM_TTY_RELEASED) |
tty_port_put |
Also, in the commit message you should explain that
!test_and_set_bit(RFCOMM_TTY_RELEASED) ensures that the 'initial'
tty_port reference is only dropped once.
On a side note, I think this exposes a flaw in the tty layer hangup handling.
It seems possible that an async hangup could be scheduled while a
sync hangup is in-progress (and vice versa). While the two hangups would
not execute concurrently (because the tty lock serializes hangups),
they would execute sequentially and that would be bad.
I'm testing a mock-up now.
Regards,
Peter Hurley
next prev parent reply other threads:[~2013-07-27 12:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-26 17:18 [PATCH v4 0/6] rfcomm: Implement rfcomm as a proper tty_port Gianluca Anzolin
2013-07-26 17:18 ` [PATCH v4 1/6] rfcomm: Take proper tty_struct references Gianluca Anzolin
2013-07-26 17:18 ` [PATCH v4 2/6] rfcomm: Remove the device from the list in the destructor Gianluca Anzolin
2013-07-26 17:18 ` [PATCH v4 3/6] rfcomm: Move the tty initialization and cleanup out of open/close Gianluca Anzolin
2013-07-26 20:04 ` Peter Hurley
2013-07-26 17:18 ` [PATCH v4 4/6] rfcomm: Implement .activate, .shutdown and .carrier_raised methods Gianluca Anzolin
2013-07-26 17:18 ` [PATCH v4 5/6] rfcomm: Fix the reference counting of tty_port Gianluca Anzolin
2013-07-27 0:20 ` Peter Hurley
2013-07-27 4:48 ` Gianluca Anzolin
2013-07-27 12:07 ` Peter Hurley [this message]
2013-07-26 17:18 ` [PATCH v4 6/6] rfcomm: Purge the dlc->tx_queue to avoid circular dependency Gianluca Anzolin
2013-07-26 19:56 ` [PATCH v4 0/6] rfcomm: Implement rfcomm as a proper tty_port Peter Hurley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51F3B7E9.2040208@hurleysoftware.com \
--to=peter@hurleysoftware.com \
--cc=gianluca@sottospazio.it \
--cc=gregkh@linuxfoundation.org \
--cc=gustavo@padovan.org \
--cc=jslaby@suse.cz \
--cc=linux-bluetooth@vger.kernel.org \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.