From: Tejun Heo <htejun@gmail.com>
To: maneesh@in.ibm.com
Cc: gregkh@suse.de, dmitry.torokhov@gmail.com,
cornelia.huck@de.ibm.com, oneukum@suse.de, rpurdie@rpsys.net,
James.Bottomley@SteelEye.com, stern@rowland.harvard.edu,
linux-kernel@vger.kernel.org
Subject: Re: [PATCHSET #master] sysfs: make sysfs disconnect immediately on deletion, take 2
Date: Tue, 17 Apr 2007 21:42:17 +0900 [thread overview]
Message-ID: <4624C0A9.2040804@gmail.com> (raw)
In-Reply-To: <20070416082212.GC31874@in.ibm.com>
Maneesh Soni wrote:
> I started looking at these patches and parallely also did some testing on a
> 8 CPU system. I am using the patches from Greg's tree at
> http://www.kernel.org/pub/scm/linux/kernel/git/gregkh/patches.git/
>
> I ran following loops parallelly
>
> # while true; do insmod drivers/net/dummy.ko; sleep 1;rmmod dummy; done
> # while true; do find /sys/class/net/dummy0 | xargs cat; sleep 1; done
> # while true; do umount /sys; sleep 1; mount -t sysfs none /sys; done
> # while true; do find /sys | xargs cat > /dev/null; sleep 1; done
>
> and got the following oops
>
> Unable to handle kernel NULL pointer dereference at 000000000000004c RIP:
> [<ffffffff802935b4>] simple_unlink+0x14/0x5c
> PGD 21955c067 PUD 215b52067 PMD 0
> Oops: 0002 [1] SMP
> CPU 6
> Modules linked in: dummy i2c_dev i2c_core
> Pid: 21161, comm: rmmod Not tainted 2.6.21-rc6 #3
> RIP: 0010:[<ffffffff802935b4>] [<ffffffff802935b4>] simple_unlink+0x14/0x5c
> RSP: 0000:ffff81021b38be28 EFLAGS: 00010292
Okay, got it. The problem here is the race between dcache shrinking
triggered by umount and sysfs deletion. It seems to be introduced
when dentries for attr and symlink nodes are made unpinned.
sd->s_entry clearing is done without synchronization and
sysfs_drop_entry() ends up deleting already deleted dentry
(dentry->inode is NULL).
sd->s_entry is broken in other ways too. Consider the following
scenario.
thread shrinking dcache thread looking up sysfs entry
--------------------------------------------------------------------
1. sysfs dentry for A is chosen as
victim.
2. prune_one_dentry() drops the dentry
and calls dentry_iput().
3. dentry_iput() unlinks d_alias and
releases spin locks.
4. looks up dentry for A which
is not in dcache.
5. new dentry is created and
sysfs_lookup() is invoked,
which instantiates the dentry
and set sd->s_dentry to it.
6. sysfs_d_iput() is called.
BUG_ON(sd->s_dentry != dentry)
triggers and sd->s_dentry is
cleared. You're screwed.
I think it can be fixed by making deletion more like conventional
filesystem. Brewing a patch...
--
tejun
prev parent reply other threads:[~2007-04-17 12:42 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-09 4:18 [PATCHSET #master] sysfs: make sysfs disconnect immediately on deletion, take 2 Tejun Heo
2007-04-09 4:18 ` [PATCH 01/14] sysfs: fix i_ino handling in sysfs Tejun Heo
2007-04-27 15:29 ` Eric Sandeen
2007-04-27 15:32 ` Greg KH
2007-04-27 16:04 ` Eric Sandeen
2007-04-09 4:18 ` [PATCH 02/14] sysfs: fix error handling in binattr write() Tejun Heo
2007-04-09 4:18 ` [PATCH 05/14] sysfs: consolidate sysfs_dirent creation functions Tejun Heo
2007-04-09 4:18 ` [PATCH 03/14] sysfs: move release_sysfs_dirent() to dir.c Tejun Heo
2007-04-09 4:18 ` [PATCH 04/14] sysfs: flatten cleanup paths in sysfs_add_link() and create_dir() Tejun Heo
2007-04-09 4:18 ` [PATCH 07/14] sysfs: add sysfs_dirent->s_name Tejun Heo
2007-04-09 4:18 ` [PATCH 08/14] sysfs: make sysfs_dirent->s_element a union Tejun Heo
2007-04-09 4:18 ` [PATCH 11/14] sysfs: implement bin_buffer Tejun Heo
2007-04-09 4:18 ` [PATCH 06/14] sysfs: add sysfs_dirent->s_parent Tejun Heo
2007-04-09 4:18 ` [PATCH 09/14] sysfs: implement kobj_sysfs_assoc_lock Tejun Heo
2007-04-09 4:18 ` [PATCH 10/14] sysfs: reimplement symlink using sysfs_dirent tree Tejun Heo
2007-04-09 4:18 ` [PATCH 14/14] sysfs: kill unnecessary attribute->owner Tejun Heo
2007-04-10 14:17 ` Cornelia Huck
2007-04-10 14:30 ` Cornelia Huck
2007-04-11 4:21 ` Tejun Heo
2007-04-11 4:25 ` [PATCH 14/14 UPDATED] " Tejun Heo
2007-04-09 4:18 ` [PATCH 13/14] sysfs: kill attribute file orphaning Tejun Heo
2007-04-09 4:18 ` [PATCH 12/14] sysfs: implement sysfs_dirent active reference and immediate disconnect Tejun Heo
2007-04-11 4:15 ` [PATCH 12/14 UPDATED] " Tejun Heo
2007-04-11 9:00 ` Cornelia Huck
2007-04-11 9:26 ` Tejun Heo
2007-04-11 9:32 ` Tejun Heo
2007-04-11 10:13 ` Tejun Heo
2007-04-11 10:26 ` Cornelia Huck
2007-04-12 7:18 ` Greg KH
2007-04-12 7:39 ` Greg KH
2007-04-10 14:44 ` [PATCHSET #master] sysfs: make sysfs disconnect immediately on deletion, take 2 Cornelia Huck
2007-04-11 4:18 ` Tejun Heo
2007-04-16 8:22 ` Maneesh Soni
2007-04-17 5:06 ` Tejun Heo
2007-04-17 12:42 ` Tejun Heo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4624C0A9.2040804@gmail.com \
--to=htejun@gmail.com \
--cc=James.Bottomley@SteelEye.com \
--cc=cornelia.huck@de.ibm.com \
--cc=dmitry.torokhov@gmail.com \
--cc=gregkh@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=maneesh@in.ibm.com \
--cc=oneukum@suse.de \
--cc=rpurdie@rpsys.net \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.