Re: [PATCH v3] staging: r8188eu: Remove _enter/_exit_critical_mutex()

[Fabio M. De Francesco]

On Thursday, August 26, 2021 12:37:07 PM CEST Greg Kroah-Hartman wrote:
> On Fri, Aug 20, 2021 at 12:12:41AM +0200, Fabio M. De Francesco wrote:
> > Remove _enter_critical_mutex() and _exit_critical_mutex(). They are
> > unnecessary wrappers, respectively to mutex_lock_interruptible() and
> > to mutex_unlock(). They also have an odd interface that takes an unused
> > argument named pirqL of type unsigned long.
> > The original code enters the critical section if the mutex API is
> > interrupted while waiting to acquire the lock; therefore it could lead
> > to a race condition. Use mutex_lock() because it is uninterruptible and
> > so avoid that above-mentioned potential race condition.
> > 
> > Signed-off-by: Fabio M. De Francesco <fmdefrancesco@xxxxxxxxx>
> > ---
> 
> You have changed the behavior of the code here, how have you tested that
> this still works properly?
> 
> thanks,
> 
> greg k-h

I forgot to say in this commit message that I've not tested it. I said that in other 
patches I've submitted during this days (it's because I'm on vacation and I haven't
my device with me), I'm sorry that I forgot to say the same also when I submitted this.

I understand that I've changed the behaviour of the code. I did that because the old 
code had mutex_lock_interruptible() that, if interrupted while waiting for acquiring
the mutex, it led to a potential race condition.

In the first version of my patch I wrote:

-       _enter_critical_mutex(&pxmitpriv->ack_tx_mutex, NULL);
+       if (mutex_lock_interruptible(&pxmitpriv->ack_tx_mutex))
+               return -EINTR;

I didn't explain why I decided to check and handle a possible -EINTR. Since the original
code had no checks of the return value from mutex_lock_interruptible() I thought it
could potentially enter the critical section, so I decided to check the return value and
exit if I have -EINTR. I guess it shouldn't be allowed to enter the critical section without
proper locking.

Then I read another message of yours: "[] (my guess, one almost never needs
interruptible locks in a driver)". I interpreted this as: you should change the code
to use mutex_lock() (that is uninterruptible) because you don't need to use interruptible
locks here. That's why at v3 I changed again the code above and used an uninterruptible
mutex_lock(). That's it.

Now  let's go back to the question you asked with your last message. I must admit that,
although I have been working here in staging for more or less four months, I still have 
some problems to decode your quite terse style :) 

Can you please say what you mean with your question? is it (1) or (2)?

1) The code is _plain_wrong_: go back to your v1, use the interruptible lock as you did there
and return -EINTR if interrupted; in the while, also explain why you decided to check for 
errors and what could happen if you don't test for -EINTR (i.e., explicitly say that you could 
incur in race conditions if you entered the critical section with no locks acquired).

2) The code _looks_good_, however I want t know if and how you tested it. 

Unfortunately  I won't be able to test before the first week of September, when I'll be back 
home. Please, can someone test it for me? 

Which of the two above? (If you have no time to answer, can someone else give some hint?).

Thanks very much,

Fabio

P.S.: Am I pushing myself beyond my current knowledge of how the kernel actually works?