Date:      Wed, 2 Nov 2011 12:56:29 -0700
From:      Navdeep Parhar <nparhar@gmail.com>
To:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   incorrect parent refcounting in subr_firmware.c?
Message-ID:  <CAPFoGT9bLzAStkUnSfsBm0F6gmGuCM6kQRHQxa%2Bbsah4mQvQVw@mail.gmail.com>


[-- Attachment #1 --]
I built a KLD with multiple firmware images, as shown here:

KMOD=foo
FIRMWS= foo.bin:foo:1.0.0.0
FIRMWS+=bar.bin:bar:1.0.0.0
FIRMWS+= ...
.include <bsd.kmod.mk>

"foo" is the parent firmware and a firmware_get(foo) can autoload the
KLD.  "bar" and the rest are available only if the KLD is loaded (by
whatever means).  This is reasonable and works as expected.  But if I
just get and then put "foo" back, the KLD is not unloaded automatically.

The problem is that a reference is placed on the parent firmware when
the other firmwares are registered (during module load).  I think this
reference should be placed during firmware_get on the child.

What do people think about the attached patch?  It fixes things for me.

Regards,
Navdeep

[-- Attachment #2 --]
diff --git a/sys/kern/subr_firmware.c b/sys/kern/subr_firmware.c
--- a/sys/kern/subr_firmware.c
+++ b/sys/kern/subr_firmware.c
@@ -198,10 +198,8 @@
 	frp->fw.data = data;
 	frp->fw.datasize = datasize;
 	frp->fw.version = version;
-	if (parent != NULL) {
+	if (parent != NULL)
 		frp->parent = PRIV_FW(parent);
-		frp->parent->refcnt++;
-	}
 	mtx_unlock(&firmware_mtx);
 	if (bootverbose)
 		printf("firmware: '%s' version %u: %zu bytes loaded at %p\n",
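Review bot: with `frp->parent->refcnt++` dropped from the `parent != NULL` branch, `frp->parent` becomes a borrowed pointer that holds no reference on the parent, and nothing in this hunk documents that. Please add a comment at the assignment saying the parent is now referenced only while the child itself is held, and stating what keeps the parent entry valid for as long as the child stays registered (for example, that both are registered and unregistered by the same module, if that is the assumption).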
@@ -235,8 +233,6 @@
 	}  else {
 		linker_file_t x = fp->file;	/* save value */
 
-		if (fp->parent != NULL)	/* release parent reference */
-			fp->parent->refcnt--;
 		/*
 		 * Clear the whole entry with bzero to make sure we
 		 * do not forget anything. Then restore 'file' which is
@@ -341,6 +337,8 @@
 		return NULL;
 	}
 found:				/* common exit point on success */
+	if (fp->refcnt == 0 && fp->parent != NULL)
+		fp->parent->refcnt++;
 	fp->refcnt++;
 	mtx_unlock(&firmware_mtx);
 	return &fp->fw;
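Review bot: the `fp->refcnt == 0` test added at `found:` ties the parent reference to the child's 0 to 1 transition, which is only correct because it runs before `fp->refcnt++` and while `firmware_mtx` is still held; a short comment stating that would protect the ordering from later edits. Since `found:` is the common success exit, it is also worth noting in that comment that a parent image arrives here with `fp->parent == NULL` and takes only its own reference.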
@@ -363,6 +361,8 @@
 	mtx_lock(&firmware_mtx);
 	fp->refcnt--;
 	if (fp->refcnt == 0) {
+		if (fp->parent != NULL)
+			fp->parent->refcnt--;
 		if (flags & FIRMWARE_UNLOAD)
 			fp->flags |= FW_UNLOAD;
 		if (fp->file)
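Review bot: in the `fp->refcnt == 0` block, `fp->parent->refcnt--` can now be the operation that brings the parent to zero, but the lines that follow act on the child only (`fp->flags |= FW_UNLOAD` and the `if (fp->file)` test). Please confirm that the parent is still considered for unload when its last reference is dropped through a child rather than through its own put, and say so in a comment. An assertion that `fp->parent->refcnt > 0` before the decrement would also catch any path that released the child without having gone through the matching increment.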
