"das16" uses a kernel timer but never removes it from the queue
synchronously at the moment. Patch 1 makes sure this is done before it
is destroyed. Patch 2 uses the comedi device's main spin-lock to ensure
some state shared with the timer routine is updated in an SMP-safe
manner.
1) staging: comedi: das16: deschedule timer routine on detach
2) staging: comedi: das16: use spin-lock when setting timer
drivers/staging/comedi/drivers/das16.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
The "das16" driver optionally uses a kernel timer and a DMA channel to
support asynchronous data acquisition, but currently never calls
`del_timer_sync()`. There is some possibility the timer routine could
still be scheduled to run when the comedi "detach" handler is run to
clean up the device and cause a certain amount of havoc. Avoid that by
calling `del_time_sync()` in the comedi "detach" handler
`das16_detach()` if the timer was initialized by the "attach" handler
`das16_attach()`. Use the timer's `data` member to tell whether it was
initialized or not.
Signed-off-by: Ian Abbott <[email protected]>
---
drivers/staging/comedi/drivers/das16.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/comedi/drivers/das16.c b/drivers/staging/comedi/drivers/das16.c
index 5d47d0a..51c4a58 100644
--- a/drivers/staging/comedi/drivers/das16.c
+++ b/drivers/staging/comedi/drivers/das16.c
@@ -1226,6 +1226,8 @@ static void das16_detach(struct comedi_device *dev)
int i;
if (devpriv) {
+ if (devpriv->timer.data)
+ del_timer_sync(&devpriv->timer);
if (dev->iobase)
das16_reset(dev);
--
2.1.1
"das16" sets a timer running in `das16_cmd_exec()` and sets
`devpriv->timer_running` to indicate that it is running. The timer
expiration routine `das16_timer_interrupt()` checks
`devpriv->timer_running` to check whether it needs to reschedule the
timer, but this is not synchronized with `das16_cmd_exec()`. Since
`das16_cancel()` acquires the `dev->spinlock` spin-lock when clearing
`devpriv->timer_running` and removing the timer from the queue, use the
same spin-lock in `das16_cmd_exec()` and `das16_timer_interrupt()`
around the setting and checking of `devpriv->timer_running`.
Since `das16_interrupt()` (called from `das16_timer_interrupt()`) checks
whether DMA is enabled in the device while holding `dev->spinlock`, and
DMA is enabled by `das16_cmd_exec()` around the time it schedules the
timer, enable the DMA in the device while holding the spin-lock.
Signed-off-by: Ian Abbott <[email protected]>
---
drivers/staging/comedi/drivers/das16.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/comedi/drivers/das16.c b/drivers/staging/comedi/drivers/das16.c
index 51c4a58..3d38404 100644
--- a/drivers/staging/comedi/drivers/das16.c
+++ b/drivers/staging/comedi/drivers/das16.c
@@ -593,11 +593,14 @@ static void das16_timer_interrupt(unsigned long arg)
{
struct comedi_device *dev = (struct comedi_device *)arg;
struct das16_private_struct *devpriv = dev->private;
+ unsigned long flags;
das16_interrupt(dev);
+ spin_lock_irqsave(&dev->spinlock, flags);
if (devpriv->timer_running)
mod_timer(&devpriv->timer, jiffies + timer_period());
+ spin_unlock_irqrestore(&dev->spinlock, flags);
}
static int das16_ai_check_chanlist(struct comedi_device *dev,
@@ -814,7 +817,8 @@ static int das16_cmd_exec(struct comedi_device *dev, struct comedi_subdevice *s)
enable_dma(devpriv->dma_chan);
release_dma_lock(flags);
- /* set up interrupt */
+ /* set up timer */
+ spin_lock_irqsave(&dev->spinlock, flags);
devpriv->timer_running = 1;
devpriv->timer.expires = jiffies + timer_period();
add_timer(&devpriv->timer);
@@ -823,6 +827,7 @@ static int das16_cmd_exec(struct comedi_device *dev, struct comedi_subdevice *s)
if (devpriv->can_burst)
outb(0, dev->iobase + DAS1600_CONV_REG);
+ spin_unlock_irqrestore(&dev->spinlock, flags);
return 0;
}
--
2.1.1
On Wednesday, October 29, 2014 10:35 AM, Ian Abbott wrote:
> "das16" uses a kernel timer but never removes it from the queue
> synchronously at the moment. Patch 1 makes sure this is done before it
> is destroyed. Patch 2 uses the comedi device's main spin-lock to ensure
> some state shared with the timer routine is updated in an SMP-safe
> manner.
>
> 1) staging: comedi: das16: deschedule timer routine on detach
> 2) staging: comedi: das16: use spin-lock when setting timer
>
> drivers/staging/comedi/drivers/das16.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
Reviewed-by: H Hartley Sweeten <[email protected]>