On Fri, Aug 19, 2022 at 03:33:04PM +0200, Christian König wrote: > > > > So we could delete the try_buf and just rely on move being safe on > > > > partially destroyed dma_buf's as part of the API design. > > > I think that might be the more defensive approach. A comment on the > > > dma_buf_move_notify() function should probably be a good idea. > > IMHO, it is an anti-pattern. The caller should hold a strong reference > > on an object before invoking any API surface. Upgrading a weak > > reference to a strong reference requires the standard "try get" API. > > > > But if you feel strongly I don't mind dropping the try_get around move. > > Well I see it as well that both approaches are not ideal, but my gut feeling > tells me that just documenting that dma_buf_move_notify() can still be > called as long as the release callback wasn't called yet is probably the > better approach. The comment would say something like: "dma_resv_lock(), dma_buf_move_notify(), dma_resv_unlock() may be called with a 0 refcount so long as ops->release() hasn't returned" Which is a really abnormal API design, IMHO. Jason