On Thu, Aug 02, 2012 at 03:37:13PM +0530, Shubhrajyoti wrote:
> On Wednesday 01 August 2012 08:37 PM, Guenter Roeck wrote:
> > On Wed, Aug 01, 2012 at 03:06:28PM +0530, Shubhrajyoti D wrote:
> >> The kfree() is taken care of by the spi core (spi_master_release()
> >> function)
> >> that is called once the last reference to the underlying struct device has
> >> been released. So the driver need not call kfree.
> >>
> >> Also the put was missed in some of the error handling fix the same.
> >> There by fixing the missing device_put in some of the error paths.
> >>
> >> Cc: Guenter Roeck <li...@roeck-us.net>
> > Reported-by: may be better here.
> My bad. I should have done.
> >
> >> Signed-off-by: Shubhrajyoti D <shubhrajy...@ti.com>
> > Acked-by: Guenter Roeck <li...@roeck-us.net>
> thanks.
> > I suspect that "spi_master_put(master);" may also be missing in
> > omap2_mcspi_remove(), but we'll need someone to confirm that.
> Looks unlikely.
>
> spi_master_put does a
> ...
> if (master)
> put_device(&master->dev);
> ...
>
> In remove I call
>
> spi_unregister_master
> ...
> */
> void spi_unregister_master(struct spi_master *master)
> {
> int dummy;
> [...]
>
> dummy = device_for_each_child(&master->dev, NULL, __unregister);
> device_unregister(&master->dev);
> }
>
> and
>
> void device_unregister(struct device *dev)
> {
> [..]
> device_del(dev);
> put_device(dev);
> }
>
> Hope my understanding is correct.
>
I think it is; I checked the refcount. spi_register_master increases
refcount from 1 to 3, and spi_unregister_master decreases it from 3 to 0.
Now, if _my_ understanding is correct, that means the data structure allocated
with spi_alloc_master, and specifically the device private data structure
(struct omap2_mcspi in your case), is freed with spi_unregister_master().
If so, it must not be accessed after the call to spi_unregister_master().
However, many drivers do access this data after the call to
spi_unregister_master(). spi-tegra.c is a good example, but there are many
others. Does that mean that those drivers access freed memory ?
Also, some other drivers do call spi_master_put() after spi_unregister_master(),
with no matching spi_master_get() (eg spi-topcliff-pch.c). Does that mean that
those drivers call spi_master_put() on free memory ?
Thanks,
Guenter
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
spi-devel-general mailing list
spi-devel-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/spi-devel-general
