On 2022/05/02 19:46, Oliver Neukum wrote:
>
>
> On 02.05.22 05:49, Tetsuo Handa wrote:
> Hi,
>
> there is one open question with this patch I am afraid.
>>
>> @@ -533,8 +550,10 @@ static int display_open(struct inode *inode, struct file *file)
>>
>> mutex_unlock(&ictx->lock);
>>
>> + if (retval && refcount_dec_and_test(&ictx->users))
>> + free_imon_context(ictx);
>> +
>>
>
> When could this ever happen? Either the device is disconnected, then
> you'll go to 'exit' or the refcount will go back to something >0, won't it?
>

(Step 0) Say, ictx->users is initially 1.

(Step 1) display_open() increments via refcount_inc_not_zero(), now is 2.

(Step 2) imon_disconnect() decrements via refcount_dec_and_test(), now is 1.

(Step 3) if retval != 0, display_open() needs to undo (Step 1) via
         refcount_dec_and_test(), now is 0.

because imon_disconnect() can be called while display_open() is in progress...
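
Review bot: the added error-path put after mutex_unlock(&ictx->lock) carries no comment saying which reference it drops, and the question raised in this thread shows the reason is not obvious from the code alone. Suggest a comment above `if (retval && refcount_dec_and_test(&ictx->users))` stating that it undoes the reference display_open() took earlier and that it can be the final one when imon_disconnect() has run in the meantime. Since free_imon_context(ictx) may run at this point, it is also worth confirming that nothing later in display_open() touches ictx.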
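
The interleaving in Steps 0 to 3 above, replayed as an added example that is not code from the patch or from the imon driver. It is a single-threaded user-space model: `model_ctx`, `model_inc_not_zero()`, `model_dec_and_test()` and `replay_failed_open()` are hypothetical names, and C11 atomics stand in for the kernel's refcount helpers.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical user-space stand-in for the driver context; not kernel code. */
struct model_ctx {
    atomic_int users;   /* models ictx->users */
    int freed;          /* counts how often the free path ran */
};

/* Models refcount_inc_not_zero(): take a reference unless already at 0. */
static bool model_inc_not_zero(struct model_ctx *c)
{
    int old = atomic_load(&c->users);
    while (old != 0)
        if (atomic_compare_exchange_weak(&c->users, &old, old + 1))
            return true;
    return false;
}

/* Models refcount_dec_and_test(): true when this put was the last one. */
static bool model_dec_and_test(struct model_ctx *c)
{
    return atomic_fetch_sub(&c->users, 1) == 1;
}

/* Replays Steps 0-3; undo_on_error selects the patched error path.
 * Returns how many times the context was freed (exactly 1 is correct). */
static int replay_failed_open(bool undo_on_error)
{
    struct model_ctx c = { .freed = 0 };
    atomic_init(&c.users, 1);               /* Step 0: users == 1 */
    if (!model_inc_not_zero(&c))            /* Step 1: open takes a ref, users == 2 */
        return -1;
    if (model_dec_and_test(&c))             /* Step 2: disconnect puts, users == 1 */
        c.freed++;
    int retval = -1;                        /* constructed: open fails after disconnect */
    if (undo_on_error && retval && model_dec_and_test(&c))
        c.freed++;                          /* Step 3: last put, users == 0, free */
    return c.freed;
}

int main(void)
{
    printf("without undo: freed %d time(s)\n", replay_failed_open(false));
    printf("with undo:    freed %d time(s)\n", replay_failed_open(true));
    return 0;
}
```

In this model, skipping the undo leaves the count at 1 with no remaining owner, so the context is never freed; with the undo it is freed exactly once.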