Hi,
much better IMO.
On 14. 12. 21, 18:06, Arnaud Pouliquen wrote:
In current implementation the tty_port struct is part of the
rpmsg_tty_port structure.The issue is that the rpmsg_tty_port structure is
freed on rpmsg_tty_remove but also referenced in the tty_struct.
Its release is not predictable due to workqueues.
For instance following ftrace shows that rpmsg_tty_close is called after
rpmsg_tty_release_cport:
...
diff --git a/drivers/tty/rpmsg_tty.c b/drivers/tty/rpmsg_tty.c
index dae2a4e44f38..69272ad92266 100644
--- a/drivers/tty/rpmsg_tty.c
+++ b/drivers/tty/rpmsg_tty.c
@@ -53,9 +53,19 @@ static int rpmsg_tty_install(struct tty_driver *driver, struct tty_struct *tty)
tty->driver_data = cport;
+ tty_port_get(&cport->port);
Can't this fail? Like when racing with removal?
return tty_port_install(&cport->port, driver, tty);
}
...
static struct rpmsg_tty_port *rpmsg_tty_alloc_cport(void)
@@ -139,6 +156,8 @@ static struct rpmsg_tty_port *rpmsg_tty_alloc_cport(void)
static void rpmsg_tty_release_cport(struct rpmsg_tty_port *cport)
{
+ tty_port_destroy(&cport->port);
+
You should not call tty_port_destroy when you use refcounting. The port
is already destroyed when ->destruct() is called. (It has currently no
bad effect calling it twice on a port though.)
@@ -146,7 +165,17 @@ static void rpmsg_tty_release_cport(struct rpmsg_tty_port *cport)
kfree(cport);
}
-static const struct tty_port_operations rpmsg_tty_port_ops = { };
+static void rpmsg_tty_destruct_port(struct tty_port *port)
+{
+ struct rpmsg_tty_port *cport = container_of(port, struct rpmsg_tty_port, port);
+
+ rpmsg_tty_release_cport(cport);
+}
+
+static const struct tty_port_operations rpmsg_tty_port_ops = {
+ .destruct = rpmsg_tty_destruct_port,
+};
+
static int rpmsg_tty_probe(struct rpmsg_device *rpdev)
{
@@ -179,7 +208,6 @@ static int rpmsg_tty_probe(struct rpmsg_device *rpdev)
return 0;
err_destroy:
- tty_port_destroy(&cport->port);
rpmsg_tty_release_cport(cport);
Couldn't you just put the port here? And inline rpmsg_tty_release_cport
into the new rpmsg_tty_destruct_port?
thanks,
--
js
suse labs