Received: by 10.223.164.221 with SMTP id h29csp617725wrb; Tue, 24 Oct 2017 06:32:48 -0700 (PDT) X-Google-Smtp-Source: ABhQp+Qq1d36UcCkS+s3jjDjRCkbGcv+fL1vsiwcNcjiz1Pa5x4nIASuriZ/3Nr+YLMA9iwtz6+0 X-Received: by 10.98.93.136 with SMTP id n8mr16788305pfj.215.1508851967977; Tue, 24 Oct 2017 06:32:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508851967; cv=none; d=google.com; s=arc-20160816; b=YyT/73VdQdCePH98wx0Ixq7JqT6X5lfQM37er/JPfEBvwbkwO0t3BqkuoVm09cEEOh qBuSmdUFZbP6sEvjoPlgOtB3DMMu7x00M3q7bCn0swsPtyC25hTCVZtvgzjnip6BZcYF RkGC1aTog+3hhFGS+DRJ7wTrEyD9fIw/f0/kM/8HcEhgMqUon+i4OsY78oXUK7P/CB+f NIRCJm2sygmm399Pr/WZB2ErRvGgUiFx4itFesxM0ipjRXFjPuebkxnX3336RTWW4L01 LXQcOqtHsq/ZfNu0Q1dtscNiP7xO5hGXUm3mHaZOauQ6Z93daOxiymfSx5/RP8tiIY/+ 4Mfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=FUBgBRUZx6ywTjii/AKxpEx6IbO9Ac82zNI/AgVXs5w=; b=m/DS7lIWrHvlLjjLux55JFNdqPaU0y72YWF4AYorFzJYVtXZwJ5/e7HYGh/PIvJAwb /UButjNil8P6hsxY7heZqYPTiGPkhUycobhJU3n/CMm2SeRrSGXu1KZ8jZccyck3L2gG nFXujFC5WJ4U0dkJkp7f4MfjucBaoUF42yPBK/7ZnARdSw8ZeuA3ZCwph8+087tq3mSV jbbIPWVJfdkqzoJ7wMJP2dGS3H0/omHh7n2nOzyVqvZ2JC/qYufBv/J1MPRWSMG2tonr CYj5paYReAtSwdu3y+8ROepEzUyVVG/4HcSNbMwcOnlr0i3VwYezRTp4sGmLt70oPP20 lvGQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nexus-software-ie.20150623.gappssmtp.com header.s=20150623 header.b=PhPg2OC8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j5si163080pgt.437.2017.10.24.06.32.34; Tue, 24 Oct 2017 06:32:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nexus-software-ie.20150623.gappssmtp.com header.s=20150623 header.b=PhPg2OC8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933923AbdJXNaP (ORCPT + 99 others); Tue, 24 Oct 2017 09:30:15 -0400 Received: from mail-wm0-f65.google.com ([74.125.82.65]:55693 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932468AbdJXNaM (ORCPT ); Tue, 24 Oct 2017 09:30:12 -0400 Received: by mail-wm0-f65.google.com with SMTP id u138so16338746wmu.4 for ; Tue, 24 Oct 2017 06:30:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nexus-software-ie.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=FUBgBRUZx6ywTjii/AKxpEx6IbO9Ac82zNI/AgVXs5w=; b=PhPg2OC8LnGuZDgLcFlBQvyFgXwhdR/Hzfp5ScgqD+sXFkikJr00M8j42xJ4ikhA8j JnSJqtweuPaw3DsryGA7RaewzVfNDcZ3aIq0d/FEPZyJcku/snscq3wdXdLLzqEcAGJ6 NLoJJqqKBXnWAPWSiejWeU9gywA2JLuko7BTaGs1Rj5HOlCAItoQVt6bweOVSwq/poht d5qLl34WNuvKn8PUFR6wt7NUkyzcVIol7oqob3iPnRmCXLi3a+N2EOkRCzsGs3SbFosM tJdoIfN4RotPvjcVCYb/UheOcQi4Pu9UD9zcKrnjsuGtDjUwAYKZp1YTxKRO86ma85Se 81vQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=FUBgBRUZx6ywTjii/AKxpEx6IbO9Ac82zNI/AgVXs5w=; b=qpoWjf3K7Zz5DxWUiENxNIkj6Xrl2eQbCS+dQUNRyHPR7COh1FHWABhNZ2B72DVUQB mOpvpqgfHO15Xdnizcjrhn0hZjaIzifE9V9nG2YluCLcMu/Zgt89W5O9loP2Pm5ISKTQ OwvYk2sjX9LyfC9MKil8yfKPCMKvg52WXoTcr3oO8QYqeraIrBvv3BA55GIPKkqo/4m3 uLvI/d6VGHi7Iyaym/TpavLAMu/GtkQ8gNZXsEc5xpyyOASnl2t4qYUK0ZAVLE1ZZeFR lS0+4rgX0fCRVZx2Q0b+b/Tctv4O4ElUxjMb2EMqMGlx2Rg+c5Q2DMBbJT4bR2S/w2T/ g2HQ== X-Gm-Message-State: AMCzsaUles4PMes+ZvvZLI2ttPPRrhadQfzoLfh3zclq2JHW9ztcLcXS 2VJJlIGw05ks3+lnTkZw0zCAi7cSYRU= X-Received: by 10.80.145.245 with SMTP id h50mr16274142eda.139.1508851810632; Tue, 24 Oct 2017 06:30:10 -0700 (PDT) Received: from [192.168.192.35] ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d30sm278022ede.10.2017.10.24.06.30.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Oct 2017 06:30:10 -0700 (PDT) Subject: Re: [PATCH] staging: greybus: Convert timers to use timer_setup() To: Kees Cook Cc: Greg Kroah-Hartman , Johan Hovold , Alex Elder , greybus-dev@lists.linaro.org, devel@driverdev.osuosl.org, LKML References: <20171024082550.GA142933@beast> <3caa07a1-4f46-d879-cfec-586addc006af@nexus-software.ie> <42078a19-4922-3efe-8515-99cf6296ceed@nexus-software.ie> <20c510b6-345d-06b0-e559-d781a307b7d2@nexus-software.ie> From: Bryan O'Donoghue Message-ID: Date: Tue, 24 Oct 2017 14:30:10 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 24/10/17 14:14, Kees Cook wrote: > On Tue, Oct 24, 2017 at 5:52 AM, Bryan O'Donoghue > wrote: >> On 24/10/17 13:47, Kees Cook wrote: >>> >>> On Tue, Oct 24, 2017 at 2:40 AM, Bryan O'Donoghue >>> wrote: >>>> >>>> On 24/10/17 10:35, Bryan O'Donoghue wrote: >>>>> >>>>> >>>>> On 24/10/17 09:25, Kees Cook wrote: >>>>>> >>>>>> >>>>>> In preparation for unconditionally passing the struct timer_list >>>>>> pointer >>>>>> to >>>>>> all timer callbacks, switch to using the new timer_setup() and >>>>>> from_timer() >>>>>> to pass the timer pointer explicitly. >>>>>> >>>>>> Cc: Greg Kroah-Hartman >>>>>> Cc: "Bryan O'Donoghue" >>>>>> Cc: Johan Hovold >>>>>> Cc: Alex Elder >>>>>> Cc: greybus-dev@lists.linaro.org >>>>>> Cc: devel@driverdev.osuosl.org >>>>>> Signed-off-by: Kees Cook >>>>>> --- >>>>>> drivers/staging/greybus/loopback.c | 14 ++++---------- >>>>>> drivers/staging/greybus/operation.c | 7 +++---- >>>>>> 2 files changed, 7 insertions(+), 14 deletions(-) >>>>>> >>>>>> diff --git a/drivers/staging/greybus/loopback.c >>>>>> b/drivers/staging/greybus/loopback.c >>>>>> index 08e255884206..045aaf81113a 100644 >>>>>> --- a/drivers/staging/greybus/loopback.c >>>>>> +++ b/drivers/staging/greybus/loopback.c >>>>>> @@ -572,16 +572,11 @@ static void >>>>>> gb_loopback_async_operation_work(struct >>>>>> work_struct *work) >>>>>> gb_loopback_async_operation_put(op_async); >>>>>> } >>>>>> -static void gb_loopback_async_operation_timeout(unsigned long data) >>>>>> +static void gb_loopback_async_operation_timeout(struct timer_list *t) >>>>>> { >>>>>> - struct gb_loopback_async_operation *op_async; >>>>>> - u16 id = data; >>>>>> + struct gb_loopback_async_operation *op_async = >>>>>> + from_timer(op_async, t, timer); >>>>>> - op_async = gb_loopback_operation_find(id); >>>>>> - if (!op_async) { >>>>>> - pr_err("operation %d not found - time out ?\n", id); >>>>>> - return; >>>>>> - } >>>>> >>>>> >>>>> >>>>> Hi Kees, you need to add >>>>> >>>>> gb_loopback_async_operation_get(op_async); when dropping the >>>>> gb_loopback_operation_find() call here. >>>> >>>> >>>> >>>> Actually: >>>> >>>> spin_lock_irqsave(&gb_dev.lock, flags); >>>> gb_loopback_async_operation_get(op_async); >>>> spin_unlock_irqrestore(&gb_dev.lock, flags); >>> >>> Shouldn't the get/put follow the lifetime of the timer running >>> instead? It shouldnt' be possible to free the op_async while the timer >>> is still pending/running. >> >> The timeout timer runs for an operation that never completed but on the >> regular "everything is good" path you end up doing >> del_timer_sync(&op_async->timer); so the timer doesn't run. > > As far as I can tell, the get/put is already happening external to the timer: > > gb_loopback_async_operation(): > ... > op_async = kzalloc(sizeof(*op_async), GFP_KERNEL); > ... > INIT_WORK(&op_async->work, gb_loopback_async_operation_work); > kref_init(&op_async->kref); > ... > op_async->pending = true; > ... > ret = gb_operation_request_send(operation, > gb_loopback_async_operation_callback, > 0, > GFP_KERNEL); > ... > timer_setup(&op_async->timer, gb_loopback_async_operation_timeout, 0); > op_async->timer.expires = jiffies + gb->jiffy_timeout; > add_timer(&op_async->timer); > > > gb_loopback_async_operation_callback(): (run by operation) > ... > op_async->pending = false; > del_timer_sync(&op_async->timer); > gb_loopback_async_operation_put(op_async); > > > gb_loopback_async_operation_work(): (scheduled by timer) > ... > op_async->pending = false; > gb_loopback_async_operation_put(op_async); > > (Doing a get/put in the timer callback itself shouldn't be happening: > it must already be pinned in memory for the callback to run.) Both gb_loopback_async_operation_callback() and (gb_loopback_async_operation_timeout || gb_loopback_async_operation_work()) can run in parallel so the get in the timer callback means we can let the timer stuff free-run w/r to gb_loopback_async_operation_callback() - take a reference indicating we still want that object and then let gb_loopback_async_operation_work() run. --- bod From 1582145747833201058@xxx Tue Oct 24 13:29:24 +0000 2017 X-GM-THRID: 1582126742408023281 X-Gmail-Labels: Inbox,Category Forums