linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init
@ 2012-07-24 14:49 Ben Chan
  2012-07-25  4:50 ` devendra.aaru
  0 siblings, 1 reply; 7+ messages in thread
From: Ben Chan @ 2012-07-24 14:49 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: devel, linux-kernel, Devendra Naga, benchan, Dan Carpenter

This patch fixes the commit "staging/gdm72xx: cleanup little at
gdm_wimax_event_rcv" (8df858ea76b76dde9a39d4edd9aaded983582cfe),
which mishandles the reference counting of wm_event.

Signed-off-by: Ben Chan <benchan@chromium.org>
---
Fixed the commit message as suggested by Dan Carpenter.

 drivers/staging/gdm72xx/gdm_wimax.c |   16 ++++++++++------
 1 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c
index 0716efc..6cb8107 100644
--- a/drivers/staging/gdm72xx/gdm_wimax.c
+++ b/drivers/staging/gdm72xx/gdm_wimax.c
@@ -258,12 +258,16 @@ static int gdm_wimax_event_init(void)
 	if (!wm_event.ref_cnt) {
 		wm_event.sock = netlink_init(NETLINK_WIMAX,
 						gdm_wimax_event_rcv);
-		if (wm_event.sock)
-			wm_event.ref_cnt++;
-		INIT_LIST_HEAD(&wm_event.evtq);
-		INIT_LIST_HEAD(&wm_event.freeq);
-		INIT_WORK(&wm_event.ws, __gdm_wimax_event_send);
-		spin_lock_init(&wm_event.evt_lock);
+		if (wm_event.sock) {
+			INIT_LIST_HEAD(&wm_event.evtq);
+			INIT_LIST_HEAD(&wm_event.freeq);
+			INIT_WORK(&wm_event.ws, __gdm_wimax_event_send);
+			spin_lock_init(&wm_event.evt_lock);
+		}
+	}
+
+	if (wm_event.sock) {
+		wm_event.ref_cnt++;
 		return 0;
 	}
 
-- 
1.7.7.3


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init
  2012-07-24 14:49 [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init Ben Chan
@ 2012-07-25  4:50 ` devendra.aaru
  2012-07-25 13:53   ` Ben Chan
  0 siblings, 1 reply; 7+ messages in thread
From: devendra.aaru @ 2012-07-25  4:50 UTC (permalink / raw)
  To: Ben Chan; +Cc: Greg Kroah-Hartman, devel, linux-kernel, Dan Carpenter

On Tue, Jul 24, 2012 at 8:34 PM, Ben Chan <benchan@chromium.org> wrote:
> This patch fixes the commit "staging/gdm72xx: cleanup little at
> gdm_wimax_event_rcv" (8df858ea76b76dde9a39d4edd9aaded983582cfe),
> which mishandles the reference counting of wm_event.
>
> Signed-off-by: Ben Chan <benchan@chromium.org>
> ---
> Fixed the commit message as suggested by Dan Carpenter.
>
>  drivers/staging/gdm72xx/gdm_wimax.c |   16 ++++++++++------
>  1 files changed, 10 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c
> index 0716efc..6cb8107 100644
> --- a/drivers/staging/gdm72xx/gdm_wimax.c
> +++ b/drivers/staging/gdm72xx/gdm_wimax.c
> @@ -258,12 +258,16 @@ static int gdm_wimax_event_init(void)
>         if (!wm_event.ref_cnt) {
>                 wm_event.sock = netlink_init(NETLINK_WIMAX,
>                                                 gdm_wimax_event_rcv);
> -               if (wm_event.sock)
> -                       wm_event.ref_cnt++;
> -               INIT_LIST_HEAD(&wm_event.evtq);
> -               INIT_LIST_HEAD(&wm_event.freeq);
> -               INIT_WORK(&wm_event.ws, __gdm_wimax_event_send);
> -               spin_lock_init(&wm_event.evt_lock);
> +               if (wm_event.sock) {
> +                       INIT_LIST_HEAD(&wm_event.evtq);
> +                       INIT_LIST_HEAD(&wm_event.freeq);
> +                       INIT_WORK(&wm_event.ws, __gdm_wimax_event_send);
> +                       spin_lock_init(&wm_event.evt_lock);
> +               }
> +       }
> +
> +       if (wm_event.sock) {
> +               wm_event.ref_cnt++;
>                 return 0;
>         }
>
> --
> 1.7.7.3
>

Hi Ben,

I have some basic understanding about this flow of the function,

Here is my understanding of the thing i have done when i was doing
some cleanups to this driver.

The ref_cnt will be 0 at first time. if so the sock creation happens
only once, and register_wimax_device only calls this function.
so i think doing the ref_cnt++ inside the if (!wm_event.ref_cnt) is valid.

Please suggest me if i am wrong.

Thanks,

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init
  2012-07-25  4:50 ` devendra.aaru
@ 2012-07-25 13:53   ` Ben Chan
  2012-08-08 19:50     ` Ben Chan
  2012-08-10  4:30     ` devendra.aaru
  0 siblings, 2 replies; 7+ messages in thread
From: Ben Chan @ 2012-07-25 13:53 UTC (permalink / raw)
  To: devendra.aaru; +Cc: Greg Kroah-Hartman, devel, linux-kernel, Dan Carpenter

Hi Devendra,

Thanks for cleaning up the driver.  If I understand the code
correctly, the original author wanted to initialize wm_event once and
reuse it for multiple devices, and thus reference counted it with
ref_cnt.

For instance, each time gdm_usb_probe() is called, it may call
register_wimax_device() / gdm_wimax_event_init(). wm_event is
initialized the first time when wm_event.ref_cnt == 0 (alternatively,
the code could check !wm_event.sock). Subsequent calls to
gdm_wimax_event_init() will simply increase the ref count. Similarly,
gdm_usb_disconnect() calls unregister_wimax_device() /
gdm_wimax_event_exit(), which decreases the ref count and disposes
wm_event when ref_cnt becomes zero.

The code change in commit 8df858ea76b76dde9a39d4edd9aaded983582cfe
only prevents ref_cnt from increasing beyond one. So the code no
longer work when there are multiple devices (i.e. wm_event could be
disposed even when there is an active device).

Thanks,
Ben


On Tue, Jul 24, 2012 at 9:50 PM, devendra.aaru <devendra.aaru@gmail.com> wrote:
> On Tue, Jul 24, 2012 at 8:34 PM, Ben Chan <benchan@chromium.org> wrote:
>> This patch fixes the commit "staging/gdm72xx: cleanup little at
>> gdm_wimax_event_rcv" (8df858ea76b76dde9a39d4edd9aaded983582cfe),
>> which mishandles the reference counting of wm_event.
>>
>> Signed-off-by: Ben Chan <benchan@chromium.org>
>> ---
>> Fixed the commit message as suggested by Dan Carpenter.
>>
>>  drivers/staging/gdm72xx/gdm_wimax.c |   16 ++++++++++------
>>  1 files changed, 10 insertions(+), 6 deletions(-)
>>
>> diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c
>> index 0716efc..6cb8107 100644
>> --- a/drivers/staging/gdm72xx/gdm_wimax.c
>> +++ b/drivers/staging/gdm72xx/gdm_wimax.c
>> @@ -258,12 +258,16 @@ static int gdm_wimax_event_init(void)
>>         if (!wm_event.ref_cnt) {
>>                 wm_event.sock = netlink_init(NETLINK_WIMAX,
>>                                                 gdm_wimax_event_rcv);
>> -               if (wm_event.sock)
>> -                       wm_event.ref_cnt++;
>> -               INIT_LIST_HEAD(&wm_event.evtq);
>> -               INIT_LIST_HEAD(&wm_event.freeq);
>> -               INIT_WORK(&wm_event.ws, __gdm_wimax_event_send);
>> -               spin_lock_init(&wm_event.evt_lock);
>> +               if (wm_event.sock) {
>> +                       INIT_LIST_HEAD(&wm_event.evtq);
>> +                       INIT_LIST_HEAD(&wm_event.freeq);
>> +                       INIT_WORK(&wm_event.ws, __gdm_wimax_event_send);
>> +                       spin_lock_init(&wm_event.evt_lock);
>> +               }
>> +       }
>> +
>> +       if (wm_event.sock) {
>> +               wm_event.ref_cnt++;
>>                 return 0;
>>         }
>>
>> --
>> 1.7.7.3
>>
>
> Hi Ben,
>
> I have some basic understanding about this flow of the function,
>
> Here is my understanding of the thing i have done when i was doing
> some cleanups to this driver.
>
> The ref_cnt will be 0 at first time. if so the sock creation happens
> only once, and register_wimax_device only calls this function.
> so i think doing the ref_cnt++ inside the if (!wm_event.ref_cnt) is valid.
>
> Please suggest me if i am wrong.
>
> Thanks,

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init
  2012-07-25 13:53   ` Ben Chan
@ 2012-08-08 19:50     ` Ben Chan
  2012-08-10  4:30     ` devendra.aaru
  1 sibling, 0 replies; 7+ messages in thread
From: Ben Chan @ 2012-08-08 19:50 UTC (permalink / raw)
  To: devendra.aaru; +Cc: Greg Kroah-Hartman, devel, linux-kernel, Dan Carpenter

Hi,

Does patch v2 make sense?

Thanks,
Ben

On Wed, Jul 25, 2012 at 6:53 AM, Ben Chan <benchan@chromium.org> wrote:
> Hi Devendra,
>
> Thanks for cleaning up the driver.  If I understand the code
> correctly, the original author wanted to initialize wm_event once and
> reuse it for multiple devices, and thus reference counted it with
> ref_cnt.
>
> For instance, each time gdm_usb_probe() is called, it may call
> register_wimax_device() / gdm_wimax_event_init(). wm_event is
> initialized the first time when wm_event.ref_cnt == 0 (alternatively,
> the code could check !wm_event.sock). Subsequent calls to
> gdm_wimax_event_init() will simply increase the ref count. Similarly,
> gdm_usb_disconnect() calls unregister_wimax_device() /
> gdm_wimax_event_exit(), which decreases the ref count and disposes
> wm_event when ref_cnt becomes zero.
>
> The code change in commit 8df858ea76b76dde9a39d4edd9aaded983582cfe
> only prevents ref_cnt from increasing beyond one. So the code no
> longer work when there are multiple devices (i.e. wm_event could be
> disposed even when there is an active device).
>
> Thanks,
> Ben
>
>
> On Tue, Jul 24, 2012 at 9:50 PM, devendra.aaru <devendra.aaru@gmail.com> wrote:
>> On Tue, Jul 24, 2012 at 8:34 PM, Ben Chan <benchan@chromium.org> wrote:
>>> This patch fixes the commit "staging/gdm72xx: cleanup little at
>>> gdm_wimax_event_rcv" (8df858ea76b76dde9a39d4edd9aaded983582cfe),
>>> which mishandles the reference counting of wm_event.
>>>
>>> Signed-off-by: Ben Chan <benchan@chromium.org>
>>> ---
>>> Fixed the commit message as suggested by Dan Carpenter.
>>>
>>>  drivers/staging/gdm72xx/gdm_wimax.c |   16 ++++++++++------
>>>  1 files changed, 10 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c
>>> index 0716efc..6cb8107 100644
>>> --- a/drivers/staging/gdm72xx/gdm_wimax.c
>>> +++ b/drivers/staging/gdm72xx/gdm_wimax.c
>>> @@ -258,12 +258,16 @@ static int gdm_wimax_event_init(void)
>>>         if (!wm_event.ref_cnt) {
>>>                 wm_event.sock = netlink_init(NETLINK_WIMAX,
>>>                                                 gdm_wimax_event_rcv);
>>> -               if (wm_event.sock)
>>> -                       wm_event.ref_cnt++;
>>> -               INIT_LIST_HEAD(&wm_event.evtq);
>>> -               INIT_LIST_HEAD(&wm_event.freeq);
>>> -               INIT_WORK(&wm_event.ws, __gdm_wimax_event_send);
>>> -               spin_lock_init(&wm_event.evt_lock);
>>> +               if (wm_event.sock) {
>>> +                       INIT_LIST_HEAD(&wm_event.evtq);
>>> +                       INIT_LIST_HEAD(&wm_event.freeq);
>>> +                       INIT_WORK(&wm_event.ws, __gdm_wimax_event_send);
>>> +                       spin_lock_init(&wm_event.evt_lock);
>>> +               }
>>> +       }
>>> +
>>> +       if (wm_event.sock) {
>>> +               wm_event.ref_cnt++;
>>>                 return 0;
>>>         }
>>>
>>> --
>>> 1.7.7.3
>>>
>>
>> Hi Ben,
>>
>> I have some basic understanding about this flow of the function,
>>
>> Here is my understanding of the thing i have done when i was doing
>> some cleanups to this driver.
>>
>> The ref_cnt will be 0 at first time. if so the sock creation happens
>> only once, and register_wimax_device only calls this function.
>> so i think doing the ref_cnt++ inside the if (!wm_event.ref_cnt) is valid.
>>
>> Please suggest me if i am wrong.
>>
>> Thanks,

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init
  2012-07-25 13:53   ` Ben Chan
  2012-08-08 19:50     ` Ben Chan
@ 2012-08-10  4:30     ` devendra.aaru
  2012-08-10  6:28       ` Dan Carpenter
  1 sibling, 1 reply; 7+ messages in thread
From: devendra.aaru @ 2012-08-10  4:30 UTC (permalink / raw)
  To: Ben Chan; +Cc: Greg Kroah-Hartman, devel, linux-kernel, Dan Carpenter

On Wed, Jul 25, 2012 at 7:23 PM, Ben Chan <benchan@chromium.org> wrote:
> Hi Devendra,
>
> Thanks for cleaning up the driver.  If I understand the code
> correctly, the original author wanted to initialize wm_event once and
> reuse it for multiple devices, and thus reference counted it with
> ref_cnt.
>
> For instance, each time gdm_usb_probe() is called, it may call
> register_wimax_device() / gdm_wimax_event_init(). wm_event is
> initialized the first time when wm_event.ref_cnt == 0 (alternatively,
> the code could check !wm_event.sock). Subsequent calls to
> gdm_wimax_event_init() will simply increase the ref count. Similarly,
> gdm_usb_disconnect() calls unregister_wimax_device() /
> gdm_wimax_event_exit(), which decreases the ref count and disposes
> wm_event when ref_cnt becomes zero.
>
> The code change in commit 8df858ea76b76dde9a39d4edd9aaded983582cfe
> only prevents ref_cnt from increasing beyond one. So the code no
> longer work when there are multiple devices (i.e. wm_event could be
> disposed even when there is an active device).
>
> Thanks,
> Ben
>
>
Sorry Ben, I didn't saw the mail for a long time,

Thanks a lot for the long explanation, i will keep in mind of these
problems, and also i think your patch is ok.

Thanks,
Devendra.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init
  2012-08-10  4:30     ` devendra.aaru
@ 2012-08-10  6:28       ` Dan Carpenter
  2012-08-10 17:49         ` Ben Chan
  0 siblings, 1 reply; 7+ messages in thread
From: Dan Carpenter @ 2012-08-10  6:28 UTC (permalink / raw)
  To: devendra.aaru; +Cc: Ben Chan, Greg Kroah-Hartman, devel, linux-kernel

Ben, I'm confused.  Do you have a way to test this, or are you just
doing manual review?

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init
  2012-08-10  6:28       ` Dan Carpenter
@ 2012-08-10 17:49         ` Ben Chan
  0 siblings, 0 replies; 7+ messages in thread
From: Ben Chan @ 2012-08-10 17:49 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: devendra.aaru, Greg Kroah-Hartman, devel, linux-kernel

Hi Dan,

I manually walked through the driver code and spotted the issue. But
this morning I was able to get an extra module to verify my patch on
hardware.

I tested the following patterns using two identical modules, and
checked the creation/destruction/ref_cnt of wm_event:
- insert module A, remove A
- insert A, insert B, remove A, remove B
- insert A, insert B, remove B, remove A
- insert A, insert B, remove A, remove B
- insert A, insert B, remove B, insert B, remove B, remove A

Thanks,
Ben

On Thu, Aug 9, 2012 at 11:28 PM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> Ben, I'm confused.  Do you have a way to test this, or are you just
> doing manual review?
>
> regards,
> dan carpenter
>

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-08-10 17:49 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-07-24 14:49 [PATCH v2] staging: gdm72xx: fix reference counting in gdm_wimax_event_init Ben Chan
2012-07-25  4:50 ` devendra.aaru
2012-07-25 13:53   ` Ben Chan
2012-08-08 19:50     ` Ben Chan
2012-08-10  4:30     ` devendra.aaru
2012-08-10  6:28       ` Dan Carpenter
2012-08-10 17:49         ` Ben Chan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).