Hi,

After applying the patch that replaces tasklet usage with workqueue [1],
I realized there is a corner case where schedule() is called within an
RCU read-side critical section when handling asynchronous transaction
from local node to itself.

The mechanism is:

fw_send_request()
->ohci_send_request()
  ->at_context_transmit()
    ->handle_local_reuest()                       [to local node]
      ...
      ->fw_core_handle_request()
        ->handle_{exclusive,fcp}_region_request() [under RCU read locking]
          ->fw_send_response()
            ->ohci_send_response()
              ->at_context_transmit()
                ->handle_local_reuest()           [to local node]
                  ...
                  ->fw_core_handle_response()
                    ->ohci_cancel_packet()        [for request packet]
                      ->disable_work_sync()
                        ->schedule()

Previously, when cancelling the request subaction of a transaction,
'tasklet_disable_in_atomic()' was used. However, this function is now
deprecated, as you know. It has been replaced with disable_work_sync()
which requires that the workqueue be allowed to sleep when invoking the
address handler.

The purpose of this patch series is to move the invocation of address
handlers outside the RCU read-side critical section. Reference counting
is newly added to ensure safe invocation outside the section.

[1] https://lore.kernel.org/lkml/20250615133253.433057-1-o-takashi@sakamocchi.jp/



Takashi Sakamoto (3):
  firewire: core: use reference counting to invoke address handlers
    safely
  firewire: core: call handler for exclusive regions outside RCU
    read-side critical section
  firewire: core: call FCP address handlers outside RCU read-side
    critical section

 drivers/firewire/core-transaction.c | 66 +++++++++++++++++++++++++----
 include/linux/firewire.h            |  4 ++
 2 files changed, 61 insertions(+), 9 deletions(-)


Regards

Takashi Sakamoto
-- 
2.48.1