Subject: Re: [PATCH v4 12/13] xen/pvcalls: implement release command
From: Boris Ostrovsky
To: Stefano Stabellini, xen-devel@lists.xen.org
Cc: linux-kernel@vger.kernel.org, jgross@suse.com, Stefano Stabellini
Date: Fri, 22 Sep 2017 18:48:42 -0400
Message-ID: <71b5ef48-c3d4-3e46-cc2c-c1a64a4de71d@oracle.com>

>> +	 */
>> +	map->active.ring->in_error = -EBADF;
>> +	wake_up_interruptible(&map->active.inflight_conn_req);
>> +
>> +	/*
>> +	 * Wait until there are no more waiters on the mutexes.
>> +	 * We know that no new waiters can be added because sk_send_head
>> +	 * is set to NULL -- we only need to wait for the existing
>> +	 * waiters to return.
>> +	 */
>> +	while (!mutex_trylock(&map->active.in_mutex) ||
>> +	       !mutex_trylock(&map->active.out_mutex))
>> +		cpu_relax();
>
> What if you manage to grab the locks before waiters get to run? for
> example, in recvmsg:
>
>     while (!(flags & MSG_DONTWAIT) && !pvcalls_front_read_todo(map)) {
>         wait_event_interruptible(map->active.inflight_conn_req,
>                                  pvcalls_front_read_todo(map));
>     }
>     ret = __read_ring(map->active.ring, &map->active.data,
>                       &msg->msg_iter, len, flags);
>
> map will be freed (by pvcalls_front_free_map() below) before __read_ring
> is passed the just-freed ring.

Actually, since you don't drop the locks I am not sure recvmsg side will
even get there.

-boris

>
>
>> +
>> +	pvcalls_front_free_map(bedata, map);
>> +	kfree(map);
>
> -boris
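
Review bot: The retry loop "while (!mutex_trylock(&map->active.in_mutex) || !mutex_trylock(&map->active.out_mutex))" cannot make progress once the first trylock succeeds and the second fails. On the next iteration mutex_trylock() is called again on in_mutex, which this thread already holds, so it returns 0 every time and the loop spins in cpu_relax() forever. Acquire the two mutexes in separate loops, or mutex_unlock() in_mutex before retrying when out_mutex is busy. Separately, both mutexes live inside map and are still held when pvcalls_front_free_map(bedata, map) and kfree(map) run, so the structure is freed with its locks taken; it would help to state in the comment why nothing can touch map->active.in_mutex or out_mutex after this point.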