    firewire: cdev: count references of cards during inbound transactions · 0244f573
    Stefan Richter authored
    If a request comes in to an address range managed by a userspace driver
    i.e. <linux/firewire-cdev.h> client, the card instance of request and
    response may differ from the card instance of the client device.
    Therefore we need to take a reference of the card until the response was
    sent.
    
    I thought about putting the reference counting into core-transaction.c,
    but the various high-level drivers besides cdev clients (firewire-net,
    firewire-sbp2, firedtv) use the card pointer in their fw_address_handler
    address_callback method only to look up devices of which they already
    hold the necessary references.  So this seems to be a specific
    firewire-cdev issue which is better addressed locally.
    
    We do not need the reference
      - in case of FCP_REQUEST or FCP_RESPONSE requests because then the
        firewire-core will send the split transaction response for us
        already in the context of the request handler,
      - if it is the same card as the client device's because we hold a
        card reference indirectly via the client->device reference.
    To keep things simple, we take the reference nevertheless.
    
    Jay Fenlason wrote:
    > there's no way for the core to tell cdev "this card is gone,
    > kill any inbound transactions on it", while cdev holds the transaction
    > open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
    > very long time.  But when it does, it calls fw_send_response(), which
    > will dereference the card...
    >
    > So how unhappy are we about userspace potentially holding a fw_card
    > open forever?
    
    While termination of inbound transactions at card removal could be
    implemented, it is IMO not worth the effort.  Currently, the effect of
    holding a reference of a card that has been removed is to block the
    process that called the pci_remove of the card.  This is
      - either a user process run by root.  Root can find and kill processes
        that have /dev/fw* open, if desired.
      - a kernel thread (which one?) in case of hot removal of a PCCard or
        ExpressCard.
    The latter case could be a problem indeed.  firewire-core's card
    shutdown and card release should probably be improved not to block in
    shutdown, just to defer freeing of memory until release.
    
    This is not a new problem though; the same already always happens with
    the client->device->card without the need of inbound transactions or
    other special conditions involved, other than the client not closing the
    file.
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
core-cdev.c 38.3 KB
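The lifetime rule the commit message describes, as an added user-space model that is not the kernel's firewire code and not part of the commit: an inbound request pins the card it arrived on, and the pin is dropped only when the response is sent, so card removal cannot free the card underneath a pending transaction. All struct and function names here are hypothetical, and removal is modelled as simply dropping the driver's reference rather than blocking.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the kernel's card and inbound-transaction objects. */
struct card { int refs; bool *freed; };
struct inbound { struct card *card; };

static struct card *card_new(bool *freed)
{
    struct card *c = malloc(sizeof *c);
    if (c) { c->refs = 1; c->freed = freed; }   /* reference held by the driver */
    return c;
}
static struct card *card_get(struct card *c) { c->refs++; return c; }
static void card_put(struct card *c)
{
    if (--c->refs == 0) { *c->freed = true; free(c); }
}

/* Request arrives: pin the card it came in on until the response is sent. */
static struct inbound *handle_request(struct card *c)
{
    struct inbound *r = malloc(sizeof *r);
    if (r) r->card = card_get(c);
    return r;
}

/* Userspace finally responds: r->card is still valid here; then drop the pin. */
static void send_response(struct inbound *r)
{
    card_put(r->card);
    free(r);
}

/* True if the card stayed allocated from removal until the response was sent. */
bool card_survives_until_response(void)
{
    bool freed = false;
    struct card *c = card_new(&freed);
    struct inbound *r = c ? handle_request(c) : NULL;
    if (!r) { if (c) card_put(c); return false; }
    card_put(c);                      /* card removal drops the driver's reference */
    bool alive_while_pending = !freed;
    send_response(r);                 /* last reference goes away here */
    return alive_while_pending && freed;
}

int main(void) { return card_survives_until_response() ? 0 : 1; }
```

Removing the `card_get()` call in `handle_request()` turns `send_response()` into a use-after-free in this model, which is the dereference Jay Fenlason's quoted remark points at.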