All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: Minchan Kim <minchan@kernel.org>, Hannes Reinecke <hare@suse.de>,
	Douglas Gilbert <dgilbert@interlog.com>,
	ngupta@vflare.org, sergey.senozhatsky.work@gmail.com,
	axboe@kernel.dk, mbenes@suse.com, jpoimboe@redhat.com,
	tglx@linutronix.de, keescook@chromium.org, jikos@kernel.org,
	rostedt@goodmis.org, peterz@infradead.org,
	linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
	Davidlohr Bueso <dave@stgolabs.net>
Subject: Re: [PATCH v2 0/4] zram: fix few sysfs races
Date: Tue, 25 May 2021 09:41:26 +0200	[thread overview]
Message-ID: <YKyqJsvds9eH3IZ7@kroah.com> (raw)
In-Reply-To: <20210525011607.GG4332@42.do-not-panic.com>

On Tue, May 25, 2021 at 01:16:07AM +0000, Luis Chamberlain wrote:
> On Sat, May 22, 2021 at 09:48:34AM +0200, Greg Kroah-Hartman wrote:
> > On Fri, May 21, 2021 at 09:08:17PM +0000, Luis Chamberlain wrote:
> > > On Fri, May 21, 2021 at 10:45:00PM +0200, Greg Kroah-Hartman wrote:
> > > > I looked at the last patch here and I really do not see the issue.
> > > > 
> > > > In order for the module to be removed, zram_exit() has to return, right?
> > > 
> > > Yes, but the race is for when a module removal is ongoing, in other
> > > words, it has not yet completed, and at the same time we race touching
> > > sysfs files.
> > > 
> > > > So how can a show/store function in zram_drv.c be called after
> > > > destroy_devices() returns?
> > > 
> > > The issue can come up if we have something poke at the sysfs files *while* a
> > > removal is happening.
> > 
> > And have you seen this in the real world?  I keep asking this as module
> > removal is not an automated process so what triggers this?
> 
> No, its not seen in the real world. It was theoretical, and noted as
> possible by Minchan Kim. I reviewed it, and I agree the race is
> possible.

Ok, then really, it's not a big deal :)

> > Why do you feel that block devices are somehow more "special" here?
> 
> I am not saying they are.

Your patch made them "special", don't do that.

> > They are not, either this is "broken" for everyone, or it works for
> > everyone, don't special-case one tiny class of devices for unknown
> > reasons.
> 
> The reason dev_type_get() was implemented was precisely to allow for
> this to be expanded with the other types as they the *get* is specific to
> the type.

No, that's the wrong thing to do.

> > Your change causes another problem, if a sysfs file has show/store
> > happening, the reference count will always be bumped and so the module
> > would NOT be able to be freed.  That looks like a lovely DoS that any
> > user could cause, right?
> 
> Yes true. I think the better way to resolve that is to introduce and use
> *try* methods, and so rmmod always trumps a new *get* for these
> operations.

No, "try" methods suck, as the Yoda quote says.

> That would sole the possible "DOS" issue, precisely how I resolved this
> same concern for resolving the deadlock with try_module_get().

Should not be needed.

> > In sleeping on this 
> 
> Sorry, did you mean you thought about this, or you meant sleep as in
> the sleep context?

I thought about this, sorry for the confusion.

> > So in conclusion, the "correct" thing here seems to be two independant
> > things:
> > 	- make sure the reference count of the kobject is properly
> > 	  incremented during show/store callbacks
> > 	- grab the kobject's type/bus/whatever lock during show/store so
> > 	  that it can not race with deleting the device.
> 
> Yup. The above was a proof of concept solution using type, but indeed,
> the downside is we'd have to implement try methods when not found, and
> likely the list of types is endless.
> 
> Are there places where we cannot use the bus?

Not that I know of, all objects live on some sort of "type/bus", that's
the way the driver model works.

> > No bus/type should be special cased here, block devices are not special
> > by any means.
> > 
> > And don't mess with module reference counts, that way lies madness.  We
> > want to lock data, not code :)
> 
> Live patching needs to lock code ;) and hey it works ;)

Live patching is vodoo magic.  But it just "adds" code paths, and later,
when it feels all is good, then it can remove stuff (if it even does,
I do not remember).  Adding is easy, removing is hard.

> Addressing the kobject refecount here should in theory address most
> deadlocks (what my third patch addresses) as well becuase, as you imply,
> our protection of the kobject should prevent removal, but that's not
> always the case. I think you're failing to consider a shared global
> driver lock, which can be used on sysfs files, which in turn have
> *nothing* kref'd. And so the module removal can still try to nuke sysfs
> files, if those sysfs files like to mess with the shared global driver
> lock.

If any driver has that kind of crud, they deserve the nightmare that
would happen if it interacts this way.  Don't worry about that, it's not
a pattern that anyone should be using.

And again, if the code and data is still there, the lock is ok to grab,
there should not be a problem.  If so, we can fix the driver.

thanks,

greg k-h

  reply	other threads:[~2021-05-25  7:41 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-23  1:11 [PATCH v2 0/4] zram: fix few sysfs races Luis Chamberlain
2021-04-23  1:11 ` [PATCH v2 1/4] zram: fix crashes due to use of cpu hotplug multistate Luis Chamberlain
2021-05-19 19:54   ` Minchan Kim
2021-04-23  1:11 ` [PATCH v2 2/4] zram: avoid disksize setting when device is being claimed Luis Chamberlain
2021-05-19 19:56   ` Minchan Kim
2021-04-23  1:11 ` [PATCH v2 3/4] zram: fix deadlock with sysfs attribute usage and driver removal Luis Chamberlain
2021-04-23  1:11 ` [PATCH v2 4/4] zram: fix possible races between sysfs use and bdev access Luis Chamberlain
2021-04-24 18:47   ` kernel test robot
2021-05-19 20:09 ` [PATCH v2 0/4] zram: fix few sysfs races Minchan Kim
2021-05-19 20:20   ` Luis Chamberlain
2021-05-21 20:01     ` Greg Kroah-Hartman
2021-05-21 20:16       ` Luis Chamberlain
2021-05-21 20:45         ` Greg Kroah-Hartman
2021-05-21 21:08           ` Luis Chamberlain
2021-05-22  7:48             ` Greg Kroah-Hartman
2021-05-25  1:16               ` Luis Chamberlain
2021-05-25  7:41                 ` Greg Kroah-Hartman [this message]
2021-06-21 23:19                   ` Luis Chamberlain

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YKyqJsvds9eH3IZ7@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=axboe@kernel.dk \
    --cc=dave@stgolabs.net \
    --cc=dgilbert@interlog.com \
    --cc=hare@suse.de \
    --cc=jikos@kernel.org \
    --cc=jpoimboe@redhat.com \
    --cc=keescook@chromium.org \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mbenes@suse.com \
    --cc=mcgrof@kernel.org \
    --cc=minchan@kernel.org \
    --cc=ngupta@vflare.org \
    --cc=peterz@infradead.org \
    --cc=rostedt@goodmis.org \
    --cc=sergey.senozhatsky.work@gmail.com \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.