Hi Simon,
Thanks for your feedback.
On 2018-04-25 09:18:51 +0200, Simon Horman wrote:
> On Wed, Apr 25, 2018 at 01:45:06AM +0200, Niklas Söderlund wrote:
> > Store the group pointer before disassociating the VIN from the group.
> >
> > Fixes: 3bb4c3bc85bf77a7 ("media: rcar-vin: add group allocator functions")
> > Reported-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> > Signed-off-by: Niklas Söderlund <niklas.soderlund+renesas@xxxxxxxxxxxx>
> > ---
> > drivers/media/platform/rcar-vin/rcar-core.c | 12 +++++++-----
> > 1 file changed, 7 insertions(+), 5 deletions(-)
> >
> > diff --git a/drivers/media/platform/rcar-vin/rcar-core.c b/drivers/media/platform/rcar-vin/rcar-core.c
> > index 7bc2774a11232362..d3072e166a1ca24f 100644
> > --- a/drivers/media/platform/rcar-vin/rcar-core.c
> > +++ b/drivers/media/platform/rcar-vin/rcar-core.c
> > @@ -338,19 +338,21 @@ static int rvin_group_get(struct rvin_dev *vin)
> >
> > static void rvin_group_put(struct rvin_dev *vin)
> > {
> > - mutex_lock(&vin->group->lock);
> > + struct rvin_group *group = vin->group;
> > +
> > + mutex_lock(&group->lock);
>
> Hi Niklas, its not clear to me why moving the lock is safe.
> Could you explain the locking scheme a little?
The lock here protects the members of the group struct and not any of
the members of the vin struct. The intent of the rvin_group_put()
function is:
1. Disassociate the vin struct from the group struct. This is done by
removing the pointer to the vin from the group->vin array and
removing the pointer from vin->group to the group struct. Here the
lock is needed to protect access to the group->vin array.
2. Decrease the refcount of the struct group and if we are the last one
out release the group.
The problem with the original code is that I first disassociate group
from the vin 'vin->group = NULL' but still use the pointer stored in the
vin struct when I try to disassociate the vin from the group
'vin->group->vin[vin->id]'.
AFIK can tell the locking here is fine, the problem was that I pulled
the rug from under my own feet in how I access the lock in order to not
having to declare a variable to store the pointer in ;-)
Do this explanation help put you at ease?
>
> >
> > vin->group = NULL;
> > vin->v4l2_dev.mdev = NULL;
> >
> > - if (WARN_ON(vin->group->vin[vin->id] != vin))
> > + if (WARN_ON(group->vin[vin->id] != vin))
> > goto out;
> >
> > - vin->group->vin[vin->id] = NULL;
> > + group->vin[vin->id] = NULL;
> > out:
> > - mutex_unlock(&vin->group->lock);
> > + mutex_unlock(&group->lock);
> >
> > - kref_put(&vin->group->refcount, rvin_group_release);
> > + kref_put(&group->refcount, rvin_group_release);
> > }
> >
> > /* -----------------------------------------------------------------------------
> > --
> > 2.17.0
> >
--
Regards,
Niklas Söderlund
