Re: [PATCH v4 1/2] tty: serial: dz: convert atomic_* to refcount_* APIs for map_guard

From: Deepak R Varma
Date: Tue Jan 03 2023 - 05:05:46 EST

Next message: Heiko Carstens: "Re: [PATCH v3] arch: rename all internal names __xchg to __arch_xchg"
Previous message: John Ogness: "Re: [PATCH printk v3 4/6] printk: introduce struct console_buffers"
In reply to: Jiri Slaby: "Re: [PATCH v4 1/2] tty: serial: dz: convert atomic_* to refcount_* APIs for map_guard"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH v4 1/2] tty: serial: dz: convert atomic_* to refcount_* APIs for map_guard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 03, 2023 at 09:59:52AM +0100, Jiri Slaby wrote:
> On 26. 12. 22, 7:21, Deepak R Varma wrote:
> > The refcount_* APIs are designed to address known issues with the
> > atomic_t APIs for reference counting. They provide following distinct
> > advantages
> > - protect the reference counters from overflow/underflow
> > - avoid use-after-free errors
> > - provide improved memory ordering guarantee schemes
> > - neater and safer.
>
> Really? (see below)
>
> > --- a/drivers/tty/serial/dz.c
> > +++ b/drivers/tty/serial/dz.c
> ...
> > @@ -687,23 +686,19 @@ static int dz_map_port(struct uart_port *uport)
> > static int dz_request_port(struct uart_port *uport)
> > {
> > struct dz_mux *mux = to_dport(uport)->mux;
> > - int map_guard;
> > int ret;
> >
> > - map_guard = atomic_add_return(1, &mux->map_guard);
> > - if (map_guard == 1) {
> > - if (!request_mem_region(uport->mapbase, dec_kn_slot_size,
> > - "dz")) {
> > - atomic_add(-1, &mux->map_guard);
> > - printk(KERN_ERR
> > - "dz: Unable to reserve MMIO resource\n");
> > + refcount_inc(&mux->map_guard);
> > + if (refcount_read(&mux->map_guard) == 1) {
>
> This is now racy, right?

Hello Jiri,
Thank you for the feedback. You are correct. I have split a single instruction
in two (or more?) instructions potentially resulting in race conditions. I
looked through the refcount_* APIs but did not find a direct match.

Can you please comment if the the following variation will avoid race condition?

if (!refcount_add_not_zero(1, &mux->map_guard)) {
refcount_inc(&mux->map_guard);
...
}

Here, refcount_add_not_zero would return false if &mux->map_guard is already 0.
Which means, incrementing it by 1 would have met the earlier if evaluation.
Whereas, if &mux->map_guard is something other than 0, refcount_add_not_zero
will increment it by 1 and return true, in which case the if condition will
fail, similar to the previous if evaluation.

Hope that helps clarify my revised thought. Can you please let me know if this
revision looks safe?

Thank you,
./drv

>
> thanks,
> --
> js
> suse labs
>

Next message: Heiko Carstens: "Re: [PATCH v3] arch: rename all internal names __xchg to __arch_xchg"
Previous message: John Ogness: "Re: [PATCH printk v3 4/6] printk: introduce struct console_buffers"
In reply to: Jiri Slaby: "Re: [PATCH v4 1/2] tty: serial: dz: convert atomic_* to refcount_* APIs for map_guard"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH v4 1/2] tty: serial: dz: convert atomic_* to refcount_* APIs for map_guard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]