问题
I want to free a structure with spin_lock is embedded.
scenario is as follows:
I have two functions
f1 () {
*****************
spin_lock_irqsave(&my_obj_ptr->my_lock, flags)
....
.... ........................................ here f2 is called
spin_lock_irqstore(&my_obj_ptr->my_lock, flags)
*******************
kfree(my_obj_ptr)
}
and f2 has similar content with f1.
when f2 is called my_lock is being used, f2 must busy waiting. however, when f2 is entering the critical section, my_obj_ptr is free. So kernel crash...
What I think now is adding a ref_count variable in struct my_obj
before spin_lock_irqsave => ref_count++
after spin_lock_irqstore => ref_count--
And before free, check the ref_count variable.
And it seems no crash now.
I just wonder will there be corner cases, I don't consider? Or there is any much better way to handle this problem?
Any help will be appreciate.
Thanks
回答1:
After tracing the linux-source code, I found a example of solving this kind of problem.
The correct way is to split the spin_lock from the target freeing structure, so that it will not be destroyed after target freeing object is destroyed.
And check if the target free object is NULL or not in the lock protected region, so that you'll not free it again.
So the sample code may be as follows:
f1 () {
//Notice that my_lock is not in the structure my_obj any more
spin_lock_irqsave(my_lock, flags)
.....
//check if my_obj_ptr is NULL or not
//And kfree must be done in the lock protected region
//otherwise it will not be safe
if (my_obj_ptr != NULL)
kfree(my_obj_ptr)
......
spin_lock_irqstore(my_lock, flags)
}
来源:https://stackoverflow.com/questions/32494099/dynamic-allocate-free-structure-with-embedding-lock-in-linux-kernel