* [PATCH] DMAENGINE: too many kref_put calls
@ 2007-10-26 23:56 Shannon Nelson
2007-10-27 6:40 ` Al Viro
2007-10-27 13:28 ` Haavard Skinnemoen
0 siblings, 2 replies; 3+ messages in thread
From: Shannon Nelson @ 2007-10-26 23:56 UTC (permalink / raw)
To: linux-kernel, akpm; +Cc: shannon.nelson, greg, hskinnemoen, dan.j.williams
When a channel is removed from dmaengine, too many kref_put() calls
are made and the device removal happens too soon, usually causing
a panic.
Cc: Haavard Skinnemoen <hskinnemoen@atmel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Shannon Nelson <shannon.nelson@intel.com>
---
drivers/dma/dmaengine.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c
index 84257f7..245da53 100644
--- a/drivers/dma/dmaengine.c
+++ b/drivers/dma/dmaengine.c
@@ -134,8 +134,7 @@ static void dma_async_device_cleanup(struct kref *kref);
static void dma_dev_release(struct device *dev)
{
- struct dma_chan *chan = to_dma_chan(dev);
- kref_put(&chan->device->refcount, dma_async_device_cleanup);
+ return;
}
static struct class dma_devclass = {
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] DMAENGINE: too many kref_put calls
2007-10-26 23:56 [PATCH] DMAENGINE: too many kref_put calls Shannon Nelson
@ 2007-10-27 6:40 ` Al Viro
2007-10-27 13:28 ` Haavard Skinnemoen
1 sibling, 0 replies; 3+ messages in thread
From: Al Viro @ 2007-10-27 6:40 UTC (permalink / raw)
To: Shannon Nelson; +Cc: linux-kernel, akpm, greg, hskinnemoen, dan.j.williams
On Fri, Oct 26, 2007 at 04:56:48PM -0700, Shannon Nelson wrote:
> static void dma_dev_release(struct device *dev)
> {
> - struct dma_chan *chan = to_dma_chan(dev);
> - kref_put(&chan->device->refcount, dma_async_device_cleanup);
> + return;
> }
Practically guaranteed to be broken. Empty ->release() is almost certain
to mean that you can get operations on already freed object.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] DMAENGINE: too many kref_put calls
2007-10-26 23:56 [PATCH] DMAENGINE: too many kref_put calls Shannon Nelson
2007-10-27 6:40 ` Al Viro
@ 2007-10-27 13:28 ` Haavard Skinnemoen
1 sibling, 0 replies; 3+ messages in thread
From: Haavard Skinnemoen @ 2007-10-27 13:28 UTC (permalink / raw)
To: Shannon Nelson; +Cc: linux-kernel, akpm, shannon.nelson, greg, dan.j.williams
On Fri, 26 Oct 2007 16:56:48 -0700
Shannon Nelson <shannon.nelson@intel.com> wrote:
> @@ -134,8 +134,7 @@ static void dma_async_device_cleanup(struct kref
> *kref);
> static void dma_dev_release(struct device *dev)
> {
> - struct dma_chan *chan = to_dma_chan(dev);
> - kref_put(&chan->device->refcount, dma_async_device_cleanup);
> + return;
> }
Hmm...what prevents dma_chan_cleanup() from being called while someone
still holds a reference to the "class" device? This will allow the
module removal to proceed, the device to be freed, and things will blow
up...
I think my patch is better. By taking two references, the order in
which the cleanup functions are called doesn't matter -- both have to
complete before the module removal is allowed to proceed.
Håvard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-10-27 13:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-10-26 23:56 [PATCH] DMAENGINE: too many kref_put calls Shannon Nelson
2007-10-27 6:40 ` Al Viro
2007-10-27 13:28 ` Haavard Skinnemoen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox