Message-ID: <50927900.8000301@redhat.com>
Date: Thu, 01 Nov 2012 14:28:32 +0100
From: Hans de Goede
Subject: Re: [Qemu-devel] [PATCH 1/8] usb: Add packet combining functions
To: Gerd Hoffmann
Cc: qemu-devel@nongnu.org
In-Reply-To: <509275CC.1090309@redhat.com>

Hi,

On 11/01/2012 02:14 PM, Hans de Goede wrote:
> Hi,
>
> On 11/01/2012 11:08 AM, Gerd Hoffmann wrote:
>> On 10/31/12 13:47, Hans de Goede wrote:
>>> + /*
>>> + * If we had leftover packets the hcd driver will have cancelled them
>>> + * and usb_combined_packet_cancel has already freed combined!
>>> + */
>>> + if (state != leftover) {
>>> + g_free(combined);
>>> + }
>>
>> This calls for reference-counting USBCombinedPacket IMHO.
>
> Why?
> We call packet_complete with a status of USB_RET_REMOVE_FROM_QUEUE
> if we've left-over packets, the hcd code will cancel these, and
> usb_combined_packet_cancel will free the combined packet when the
> last packet of it gets cancelled, which *will* happen as we're
> always processing *all* packets in combined here. There is no
> scenario here where one or the other party wants to keep the
> combined packet around any longer...
>
> The only reason this is a bit non straightforward is that
> normally packets get freed either on completion or cancellation,
> but here we've a partial completion and a partial cancellation.

Also note that reference counting will not make the special case go away,
as for combined packets without any leftover packets the
packet_complete (status == USB_RET_REMOVE_FROM_QUEUE) -> cancel -> free/unref
will never happen.

So simply taking a ref at the beginning of usb_combined_input_packet_complete
and then doing unref at the end will not help. Because for combined-packets
where all packets were used we then would need to do unref twice, once to
drop the local ref, and once to drop the final ref.

Regards,

Hans
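
Review bot: In the `state == leftover` branch of the quoted hunk, `combined` is a dangling pointer, and whether it was released at all depends on the HCD having cancelled every leftover packet, which nothing in these lines checks. If an HCD does not cancel, the allocation leaks; if any later statement touches `combined` on that path, it is a use-after-free in device emulation code. I would extend the comment to state this as a requirement on HCD drivers (leftover packets must be cancelled before the completion call returns) and make sure `combined` is not referenced after this `if`, or move the release into a single helper so the completion and cancel paths cannot disagree about who frees it.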
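
The refcounting scenario argued in the message above, as an added model that is not part of the original e-mail or of QEMU's code. The struct, function names and the `drop_final_ref` switch are hypothetical, and freeing is only counted rather than performed.

```c
/* Simplified ownership model; all names are hypothetical, not QEMU's.
 * "Freeing" is only counted, so the model itself cannot misuse memory. */
typedef struct Combined {
    int refs;    /* reference count */
    int queued;  /* packets still attached to the combined packet */
    int freed;   /* how many times the last reference was dropped */
} Combined;

static void combined_unref(Combined *c)
{
    if (--c->refs == 0) {
        c->freed++;                /* stands in for g_free(combined) */
    }
}

/* Cancel path: detaching the last packet drops the queue's reference. */
static void packet_cancel(Combined *c)
{
    if (--c->queued == 0) {
        combined_unref(c);
    }
}

/* Completion that holds a local reference for the duration of the call.
 * `used` packets complete normally; the remaining ones are cancelled, as
 * the HCD does after USB_RET_REMOVE_FROM_QUEUE. Returns the free count. */
static int complete_with_local_ref(int total, int used, int drop_final_ref)
{
    Combined c = { .refs = 1, .queued = total, .freed = 0 };  /* queue's ref */

    c.refs++;                      /* local ref taken at function entry */
    c.queued -= used;              /* completed packets detach, no unref */
    for (int i = used; i < total; i++) {
        packet_cancel(&c);         /* leftover packets: the last one unrefs */
    }
    combined_unref(&c);            /* drop the local ref at the end */
    if (used == total && drop_final_ref) {
        combined_unref(&c);        /* special case: no cancel path ran */
    }
    return c.freed;
}
```

With leftover packets the cancel path drops the queue's reference and the object is released exactly once; with none, the single unref at the end leaves one reference outstanding unless the extra unref is taken.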