* [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init @ 2012-07-24 14:49 Ben Chan 2012-07-25 4:50 ` devendra.aaru 0 siblings, 1 reply; 7+ messages in thread From: Ben Chan @ 2012-07-24 14:49 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: devel, linux-kernel, Devendra Naga, benchan, Dan Carpenter This patch fixes the commit "staging/gdm72xx: cleanup little at gdm_wimax_event_rcv" (8df858ea76b76dde9a39d4edd9aaded983582cfe), which mishandles the reference counting of wm_event. Signed-off-by: Ben Chan <benchan@chromium.org> --- Fixed the commit message as suggested by Dan Carpenter. drivers/staging/gdm72xx/gdm_wimax.c | 16 ++++++++++------ 1 files changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c index 0716efc..6cb8107 100644 --- a/drivers/staging/gdm72xx/gdm_wimax.c +++ b/drivers/staging/gdm72xx/gdm_wimax.c @@ -258,12 +258,16 @@ static int gdm_wimax_event_init(void) if (!wm_event.ref_cnt) { wm_event.sock = netlink_init(NETLINK_WIMAX, gdm_wimax_event_rcv); - if (wm_event.sock) - wm_event.ref_cnt++; - INIT_LIST_HEAD(&wm_event.evtq); - INIT_LIST_HEAD(&wm_event.freeq); - INIT_WORK(&wm_event.ws, __gdm_wimax_event_send); - spin_lock_init(&wm_event.evt_lock); + if (wm_event.sock) { + INIT_LIST_HEAD(&wm_event.evtq); + INIT_LIST_HEAD(&wm_event.freeq); + INIT_WORK(&wm_event.ws, __gdm_wimax_event_send); + spin_lock_init(&wm_event.evt_lock); + } + } + + if (wm_event.sock) { + wm_event.ref_cnt++; return 0; } -- 1.7.7.3 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init 2012-07-24 14:49 [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init Ben Chan @ 2012-07-25 4:50 ` devendra.aaru 2012-07-25 13:53 ` Ben Chan 0 siblings, 1 reply; 7+ messages in thread From: devendra.aaru @ 2012-07-25 4:50 UTC (permalink / raw) To: Ben Chan; +Cc: Greg Kroah-Hartman, devel, linux-kernel, Dan Carpenter On Tue, Jul 24, 2012 at 8:34 PM, Ben Chan <benchan@chromium.org> wrote: > This patch fixes the commit "staging/gdm72xx: cleanup little at > gdm_wimax_event_rcv" (8df858ea76b76dde9a39d4edd9aaded983582cfe), > which mishandles the reference counting of wm_event. > > Signed-off-by: Ben Chan <benchan@chromium.org> > --- > Fixed the commit message as suggested by Dan Carpenter. > > drivers/staging/gdm72xx/gdm_wimax.c | 16 ++++++++++------ > 1 files changed, 10 insertions(+), 6 deletions(-) > > diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c > index 0716efc..6cb8107 100644 > --- a/drivers/staging/gdm72xx/gdm_wimax.c > +++ b/drivers/staging/gdm72xx/gdm_wimax.c > @@ -258,12 +258,16 @@ static int gdm_wimax_event_init(void) > if (!wm_event.ref_cnt) { > wm_event.sock = netlink_init(NETLINK_WIMAX, > gdm_wimax_event_rcv); > - if (wm_event.sock) > - wm_event.ref_cnt++; > - INIT_LIST_HEAD(&wm_event.evtq); > - INIT_LIST_HEAD(&wm_event.freeq); > - INIT_WORK(&wm_event.ws, __gdm_wimax_event_send); > - spin_lock_init(&wm_event.evt_lock); > + if (wm_event.sock) { > + INIT_LIST_HEAD(&wm_event.evtq); > + INIT_LIST_HEAD(&wm_event.freeq); > + INIT_WORK(&wm_event.ws, __gdm_wimax_event_send); > + spin_lock_init(&wm_event.evt_lock); > + } > + } > + > + if (wm_event.sock) { > + wm_event.ref_cnt++; > return 0; > } > > -- > 1.7.7.3 > Hi Ben, I have some basic understanding about this flow of the function, Here is my understanding of the thing i have done when i was doing some cleanups to this driver. The ref_cnt will be 0 at first time. if so the sock creation happens only once, and register_wimax_device only calls this function. so i think doing the ref_cnt++ inside the if (!wm_event.ref_cnt) is valid. Please suggest me if i am wrong. Thanks, ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init 2012-07-25 4:50 ` devendra.aaru @ 2012-07-25 13:53 ` Ben Chan 2012-08-08 19:50 ` Ben Chan 2012-08-10 4:30 ` devendra.aaru 0 siblings, 2 replies; 7+ messages in thread From: Ben Chan @ 2012-07-25 13:53 UTC (permalink / raw) To: devendra.aaru; +Cc: Greg Kroah-Hartman, devel, linux-kernel, Dan Carpenter Hi Devendra, Thanks for cleaning up the driver. If I understand the code correctly, the original author wanted to initialize wm_event once and reuse it for multiple devices, and thus reference counted it with ref_cnt. For instance, each time gdm_usb_probe() is called, it may call register_wimax_device() / gdm_wimax_event_init(). wm_event is initialized the first time when wm_event.ref_cnt == 0 (alternatively, the code could check !wm_event.sock). Subsequent calls to gdm_wimax_event_init() will simply increase the ref count. Similarly, gdm_usb_disconnect() calls unregister_wimax_device() / gdm_wimax_event_exit(), which decreases the ref count and disposes wm_event when ref_cnt becomes zero. The code change in commit 8df858ea76b76dde9a39d4edd9aaded983582cfe only prevents ref_cnt from increasing beyond one. So the code no longer work when there are multiple devices (i.e. wm_event could be disposed even when there is an active device). Thanks, Ben On Tue, Jul 24, 2012 at 9:50 PM, devendra.aaru <devendra.aaru@gmail.com> wrote: > On Tue, Jul 24, 2012 at 8:34 PM, Ben Chan <benchan@chromium.org> wrote: >> This patch fixes the commit "staging/gdm72xx: cleanup little at >> gdm_wimax_event_rcv" (8df858ea76b76dde9a39d4edd9aaded983582cfe), >> which mishandles the reference counting of wm_event. >> >> Signed-off-by: Ben Chan <benchan@chromium.org> >> --- >> Fixed the commit message as suggested by Dan Carpenter. >> >> drivers/staging/gdm72xx/gdm_wimax.c | 16 ++++++++++------ >> 1 files changed, 10 insertions(+), 6 deletions(-) >> >> diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c >> index 0716efc..6cb8107 100644 >> --- a/drivers/staging/gdm72xx/gdm_wimax.c >> +++ b/drivers/staging/gdm72xx/gdm_wimax.c >> @@ -258,12 +258,16 @@ static int gdm_wimax_event_init(void) >> if (!wm_event.ref_cnt) { >> wm_event.sock = netlink_init(NETLINK_WIMAX, >> gdm_wimax_event_rcv); >> - if (wm_event.sock) >> - wm_event.ref_cnt++; >> - INIT_LIST_HEAD(&wm_event.evtq); >> - INIT_LIST_HEAD(&wm_event.freeq); >> - INIT_WORK(&wm_event.ws, __gdm_wimax_event_send); >> - spin_lock_init(&wm_event.evt_lock); >> + if (wm_event.sock) { >> + INIT_LIST_HEAD(&wm_event.evtq); >> + INIT_LIST_HEAD(&wm_event.freeq); >> + INIT_WORK(&wm_event.ws, __gdm_wimax_event_send); >> + spin_lock_init(&wm_event.evt_lock); >> + } >> + } >> + >> + if (wm_event.sock) { >> + wm_event.ref_cnt++; >> return 0; >> } >> >> -- >> 1.7.7.3 >> > > Hi Ben, > > I have some basic understanding about this flow of the function, > > Here is my understanding of the thing i have done when i was doing > some cleanups to this driver. > > The ref_cnt will be 0 at first time. if so the sock creation happens > only once, and register_wimax_device only calls this function. > so i think doing the ref_cnt++ inside the if (!wm_event.ref_cnt) is valid. > > Please suggest me if i am wrong. > > Thanks, ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init 2012-07-25 13:53 ` Ben Chan @ 2012-08-08 19:50 ` Ben Chan 2012-08-10 4:30 ` devendra.aaru 1 sibling, 0 replies; 7+ messages in thread From: Ben Chan @ 2012-08-08 19:50 UTC (permalink / raw) To: devendra.aaru; +Cc: Greg Kroah-Hartman, devel, linux-kernel, Dan Carpenter Hi, Does patch v2 make sense? Thanks, Ben On Wed, Jul 25, 2012 at 6:53 AM, Ben Chan <benchan@chromium.org> wrote: > Hi Devendra, > > Thanks for cleaning up the driver. If I understand the code > correctly, the original author wanted to initialize wm_event once and > reuse it for multiple devices, and thus reference counted it with > ref_cnt. > > For instance, each time gdm_usb_probe() is called, it may call > register_wimax_device() / gdm_wimax_event_init(). wm_event is > initialized the first time when wm_event.ref_cnt == 0 (alternatively, > the code could check !wm_event.sock). Subsequent calls to > gdm_wimax_event_init() will simply increase the ref count. Similarly, > gdm_usb_disconnect() calls unregister_wimax_device() / > gdm_wimax_event_exit(), which decreases the ref count and disposes > wm_event when ref_cnt becomes zero. > > The code change in commit 8df858ea76b76dde9a39d4edd9aaded983582cfe > only prevents ref_cnt from increasing beyond one. So the code no > longer work when there are multiple devices (i.e. wm_event could be > disposed even when there is an active device). > > Thanks, > Ben > > > On Tue, Jul 24, 2012 at 9:50 PM, devendra.aaru <devendra.aaru@gmail.com> wrote: >> On Tue, Jul 24, 2012 at 8:34 PM, Ben Chan <benchan@chromium.org> wrote: >>> This patch fixes the commit "staging/gdm72xx: cleanup little at >>> gdm_wimax_event_rcv" (8df858ea76b76dde9a39d4edd9aaded983582cfe), >>> which mishandles the reference counting of wm_event. >>> >>> Signed-off-by: Ben Chan <benchan@chromium.org> >>> --- >>> Fixed the commit message as suggested by Dan Carpenter. >>> >>> drivers/staging/gdm72xx/gdm_wimax.c | 16 ++++++++++------ >>> 1 files changed, 10 insertions(+), 6 deletions(-) >>> >>> diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c >>> index 0716efc..6cb8107 100644 >>> --- a/drivers/staging/gdm72xx/gdm_wimax.c >>> +++ b/drivers/staging/gdm72xx/gdm_wimax.c >>> @@ -258,12 +258,16 @@ static int gdm_wimax_event_init(void) >>> if (!wm_event.ref_cnt) { >>> wm_event.sock = netlink_init(NETLINK_WIMAX, >>> gdm_wimax_event_rcv); >>> - if (wm_event.sock) >>> - wm_event.ref_cnt++; >>> - INIT_LIST_HEAD(&wm_event.evtq); >>> - INIT_LIST_HEAD(&wm_event.freeq); >>> - INIT_WORK(&wm_event.ws, __gdm_wimax_event_send); >>> - spin_lock_init(&wm_event.evt_lock); >>> + if (wm_event.sock) { >>> + INIT_LIST_HEAD(&wm_event.evtq); >>> + INIT_LIST_HEAD(&wm_event.freeq); >>> + INIT_WORK(&wm_event.ws, __gdm_wimax_event_send); >>> + spin_lock_init(&wm_event.evt_lock); >>> + } >>> + } >>> + >>> + if (wm_event.sock) { >>> + wm_event.ref_cnt++; >>> return 0; >>> } >>> >>> -- >>> 1.7.7.3 >>> >> >> Hi Ben, >> >> I have some basic understanding about this flow of the function, >> >> Here is my understanding of the thing i have done when i was doing >> some cleanups to this driver. >> >> The ref_cnt will be 0 at first time. if so the sock creation happens >> only once, and register_wimax_device only calls this function. >> so i think doing the ref_cnt++ inside the if (!wm_event.ref_cnt) is valid. >> >> Please suggest me if i am wrong. >> >> Thanks, ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init 2012-07-25 13:53 ` Ben Chan 2012-08-08 19:50 ` Ben Chan @ 2012-08-10 4:30 ` devendra.aaru 2012-08-10 6:28 ` Dan Carpenter 1 sibling, 1 reply; 7+ messages in thread From: devendra.aaru @ 2012-08-10 4:30 UTC (permalink / raw) To: Ben Chan; +Cc: Greg Kroah-Hartman, devel, linux-kernel, Dan Carpenter On Wed, Jul 25, 2012 at 7:23 PM, Ben Chan <benchan@chromium.org> wrote: > Hi Devendra, > > Thanks for cleaning up the driver. If I understand the code > correctly, the original author wanted to initialize wm_event once and > reuse it for multiple devices, and thus reference counted it with > ref_cnt. > > For instance, each time gdm_usb_probe() is called, it may call > register_wimax_device() / gdm_wimax_event_init(). wm_event is > initialized the first time when wm_event.ref_cnt == 0 (alternatively, > the code could check !wm_event.sock). Subsequent calls to > gdm_wimax_event_init() will simply increase the ref count. Similarly, > gdm_usb_disconnect() calls unregister_wimax_device() / > gdm_wimax_event_exit(), which decreases the ref count and disposes > wm_event when ref_cnt becomes zero. > > The code change in commit 8df858ea76b76dde9a39d4edd9aaded983582cfe > only prevents ref_cnt from increasing beyond one. So the code no > longer work when there are multiple devices (i.e. wm_event could be > disposed even when there is an active device). > > Thanks, > Ben > > Sorry Ben, I didn't saw the mail for a long time, Thanks a lot for the long explanation, i will keep in mind of these problems, and also i think your patch is ok. Thanks, Devendra. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init 2012-08-10 4:30 ` devendra.aaru @ 2012-08-10 6:28 ` Dan Carpenter 2012-08-10 17:49 ` Ben Chan 0 siblings, 1 reply; 7+ messages in thread From: Dan Carpenter @ 2012-08-10 6:28 UTC (permalink / raw) To: devendra.aaru; +Cc: Ben Chan, Greg Kroah-Hartman, devel, linux-kernel Ben, I'm confused. Do you have a way to test this, or are you just doing manual review? regards, dan carpenter ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init 2012-08-10 6:28 ` Dan Carpenter @ 2012-08-10 17:49 ` Ben Chan 0 siblings, 0 replies; 7+ messages in thread From: Ben Chan @ 2012-08-10 17:49 UTC (permalink / raw) To: Dan Carpenter; +Cc: devendra.aaru, Greg Kroah-Hartman, devel, linux-kernel Hi Dan, I manually walked through the driver code and spotted the issue. But this morning I was able to get an extra module to verify my patch on hardware. I tested the following patterns using two identical modules, and checked the creation/destruction/ref_cnt of wm_event: - insert module A, remove A - insert A, insert B, remove A, remove B - insert A, insert B, remove B, remove A - insert A, insert B, remove A, remove B - insert A, insert B, remove B, insert B, remove B, remove A Thanks, Ben On Thu, Aug 9, 2012 at 11:28 PM, Dan Carpenter <dan.carpenter@oracle.com> wrote: > Ben, I'm confused. Do you have a way to test this, or are you just > doing manual review? > > regards, > dan carpenter > ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-08-10 17:49 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2012-07-24 14:49 [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init Ben Chan 2012-07-25 4:50 ` devendra.aaru 2012-07-25 13:53 ` Ben Chan 2012-08-08 19:50 ` Ben Chan 2012-08-10 4:30 ` devendra.aaru 2012-08-10 6:28 ` Dan Carpenter 2012-08-10 17:49 ` Ben Chan
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox