On Mon, 28 Mar 2022 15:09:33 +0530, Viresh Kumar wrote:
> On 28-03-22, 17:13, Xiaomeng Tong wrote:
> > On Mon, 28 Mar 2022 14:20:57 +0530, Viresh Kumar wrote:
> > > On 28-03-22, 15:43, Xiaomeng Tong wrote:
> > > > No. The condition to call opp_migrate_dentry(opp_dev, opp_table); is: if (!list_is_singular(&opp_table->dev_list)),
> > > > while list_is_singular is: !list_empty(head) && (head->next == head->prev);
> > > > so the condition is: list_empty(head) || (head->next != head->prev)
> > > > if the list is empty, the bug can be triggered.
> > > List can't be empty here by design. It will be a huge bug in that case, which should lead to crash somewhere.
> > There is another condition to trigger this bug: the list is not empty and no element found (if (iter != opp_dev)).
> I suggest reading the code again, considering opp_debug_unregister() as well.
> What's happening here is this:
> - Several devices share the OPP table.
> - One of them (devX) is going away and opp_debug_unregister() is called for this device.
> - If devX is the last device for this OPP table, then we don't migrate and just release all resources.
> - Otherwise, we migrate it to the next element in the list, i.e. any device which != devX.
> Please tell me, based on this, where you see a possibility of a bug. Surely there can be one, but I fail to see it at the moment and need more detail of the same.
Perhaps you are right. Anyway, it is a good choice to use the list iterator only inside the loop, as Linus suggested [1], to avoid potential risk. I have also reposted another patch with a changed commit message. Please check it, thank you.
[1]: https://lore.kernel.org/lkml/20220301075839.4156-1-xiam0nd.tong@gmail.com/
-- Xiaomeng Tong
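
Added example, not part of the thread and not the kernel's code: a user-space sketch of the unregister decision discussed above, with the list cursor confined to the loop and "no other device found" reported explicitly instead of being read from the cursor after the loop. The list helpers are simplified stand-ins for the kernel's, and `pick_other_dev`, `migrate_on_unregister`, `demo` and the `-1` return for the empty-list case are assumptions made for illustration.

```c
#include <stddef.h>

struct list_head { struct list_head *next, *prev; };
struct opp_dev { int id; struct list_head node; }; /* simplified stand-in */
#define to_dev(p) ((struct opp_dev *)((char *)(p) - offsetof(struct opp_dev, node)))

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}
static int list_empty(const struct list_head *h) { return h->next == h; }
static int list_is_singular(const struct list_head *h) /* as quoted in the thread */
{
    return !list_empty(h) && (h->next == h->prev);
}

/* Hypothetical helper: any device other than `gone`, or NULL if none exists.
 * The cursor `p` never leaves the loop; only `found` is visible afterwards. */
static struct opp_dev *pick_other_dev(struct list_head *head, struct opp_dev *gone)
{
    struct opp_dev *found = NULL;
    for (struct list_head *p = head->next; p != head; p = p->next)
        if (to_dev(p) != gone) { found = to_dev(p); break; }
    return found;
}

/* Returns the new owner's id, 0 when `gone` is the only device (nothing to
 * migrate), or -1 when the migrate path is entered but no other device exists. */
static int migrate_on_unregister(struct list_head *head, struct opp_dev *gone)
{
    if (list_is_singular(head))
        return 0;
    struct opp_dev *new_dev = pick_other_dev(head, gone);
    return new_dev ? new_dev->id : -1;
}

/* Constructed input: a table shared by `ndevs` devices (ids 1..ndevs, at most 4);
 * device 1 is the one going away. */
static int demo(int ndevs)
{
    struct list_head head;
    struct opp_dev devs[4] = {{0, {NULL, NULL}}};
    list_init(&head);
    for (int i = 0; i < ndevs && i < 4; i++) { devs[i].id = i + 1; list_add_tail(&devs[i].node, &head); }
    return migrate_on_unregister(&head, &devs[0]);
}

int main(void) { return demo(2) == 2 ? 0 : 1; }
```

With the kernel's `list_for_each_entry()`, a cursor that runs off the end of the list is computed from the list head rather than from a real entry, which is why this sketch returns a separate `found` pointer instead.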