On Thu, 2019-03-21 at 19:11 -0400, Douglas Gilbert wrote:
> That doesn't sound right. If it was correct then sg_open() and sg_release()
> have mutex overkill (and I don't think that is caused by the complexity of
> adding O_EXCL which is damn hard to implement correctly).
>
> Example with existing ch driver code, two threads T1 and T2:
>
> T1                          T2
> ========================================
> f1 = open("/dev/ch1")
> ....
> close(f1)                   f2 = open("dev/sg1")
>
>
> So if f2=open() gets ch (a pointer) but _before_ it does kref_get(),
> close(f1) gets in and does kref_put(&ch->ref, ch_destroy), ref goes
> to 0 and ch_destroy() gets called and now ch is dangling ....
Hi Doug,

I don't think that what you described can happen. The kref_put() call in
ch_release() can only drop the final reference after ch_remove() has been
called. Before ch_remove() calls kref_put() it removes the index from the
idr so ch_open() won't find that index in the idr anymore. In other words,
ch_open() can never encounter a zero refcount for an index that it found
in the idr.

Bart.
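Bart's ordering argument, as an added user-space C model (constructed for this thread, not the ch driver's source): a small table under a lock stands in for the idr, an integer under the same lock for the kref, and ch_pool/ch_register are names assumed for the model only. Running the two-thread scenario from Doug's mail against it shows why the lookup-then-get in ch_open() never meets a zero count.

```c
#include <pthread.h>
#include <stddef.h>
/* Constructed user-space model, not the ch driver's code: ch_index[] stands in
 * for the idr, ref for the kref (real kref is atomic; here get/put share the lock). */
#define CH_MAX 4
struct ch_device { int ref; };             /* 1 for the table, +1 per open file */
static struct ch_device ch_pool[CH_MAX];   /* backing storage instead of kmalloc */
static struct ch_device *ch_index[CH_MAX]; /* models ch_index_idr */
static pthread_mutex_t ch_index_lock = PTHREAD_MUTEX_INITIALIZER;
static int ch_destroy_count;               /* times ch_destroy() has run */
static void ch_destroy(struct ch_device *ch) { ch->ref = -1; ch_destroy_count++; }
/* kref_put(): drop one reference, destroy on the last. Returns 1 if destroyed.
 * ch_release() is exactly this call on the reference the file took in open. */
static int ch_put(struct ch_device *ch)
{
    pthread_mutex_lock(&ch_index_lock);
    int last = (--ch->ref == 0);
    pthread_mutex_unlock(&ch_index_lock);
    if (last) ch_destroy(ch);
    return last;
}
/* Registration (before any open): the table entry holds the first reference. */
static int ch_register(int index)
{
    if (index < 0 || index >= CH_MAX || ch_index[index]) return -1;
    ch_pool[index].ref = 1;
    ch_index[index] = &ch_pool[index];
    return 0;
}
/* ch_open(): lookup and kref_get under one lock, so an entry that is found
 * still carries the table's reference and can never be at zero here. */
static struct ch_device *ch_open(int index)
{
    pthread_mutex_lock(&ch_index_lock);
    struct ch_device *ch = (index >= 0 && index < CH_MAX) ? ch_index[index] : NULL;
    if (ch) ch->ref++;
    pthread_mutex_unlock(&ch_index_lock);
    return ch;
}
/* ch_remove(): unlink from the table first, then drop the table's reference;
 * later opens cannot find the index, so this destroys only if no file is open.
 * Returns 1 if destroyed, 0 if not, -1 if the index is unknown. */
static int ch_remove(int index)
{
    pthread_mutex_lock(&ch_index_lock);
    struct ch_device *ch = (index >= 0 && index < CH_MAX) ? ch_index[index] : NULL;
    if (ch) ch_index[index] = NULL;
    pthread_mutex_unlock(&ch_index_lock);
    return ch ? ch_put(ch) : -1;
}
```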