All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg KH <gregkh@linuxfoundation.org>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: akpm@linux-foundation.org, minchan@kernel.org, jeyu@kernel.org,
	ngupta@vflare.org, sergey.senozhatsky.work@gmail.com,
	rafael@kernel.org, axboe@kernel.dk, tj@kernel.org,
	mbenes@suse.com, jpoimboe@redhat.com, tglx@linutronix.de,
	keescook@chromium.org, jikos@kernel.org, rostedt@goodmis.org,
	peterz@infradead.org, linux-block@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 2/3] zram: fix deadlock with sysfs attribute usage and module removal
Date: Fri, 23 Jul 2021 13:15:49 +0200	[thread overview]
Message-ID: <YPqk5WCBgvNQzq4S@kroah.com> (raw)
In-Reply-To: <20210722221705.kyrdkpt6fwf5k56o@garbanzo>

On Thu, Jul 22, 2021 at 03:17:05PM -0700, Luis Chamberlain wrote:
> On Wed, Jul 21, 2021 at 01:29:29PM +0200, Greg KH wrote:
> > On Fri, Jul 02, 2021 at 05:19:57PM -0700, Luis Chamberlain wrote:
> > > +#define MODULE_DEVICE_ATTR_FUNC_STORE(_name) \
> > > +static ssize_t module_ ## _name ## _store(struct device *dev, \
> > > +				   struct device_attribute *attr, \
> > > +				   const char *buf, size_t len) \
> > > +{ \
> > > +	ssize_t __ret; \
> > > +	if (!try_module_get(THIS_MODULE)) \
> > > +		return -ENODEV; \
> > 
> > I feel like this needs to be written down somewhere as I see it come up
> > all the time.
> 
> I'll go ahead and cook up a patch to do just this after I send this
> email out.
> 
> > Again, this is racy and broken code.  You can NEVER try to increment
> > your own module reference count unless it has already been incremented
> > by someone external first.
> 
> In the zram driver's case the sysfs files are still pegged on, because
> as we noted before the kernfs active reference will ensure the store
> operation still exists.

How does that happen without a module lock?

> If the driver removes the operation prior to
> getting the active reference, the write will just fail. kernfs ensures
> once a file is opened the op is not removed until the operation completes.

How does it do that?

> If a file is opened then, the module cannot possibly be removed. The
> piece of information we realy care about is the use of module_is_live()
> inside try_module_get() which does:
> 
> static inline bool module_is_live(struct module *mod)
> {                                                                               
> 	return mod->state != MODULE_STATE_GOING;
> }
> 
> The try allows module removal to trump use of the sysfs file. If
> userspace wants the module removed, it gives up in favor for that
> operation.

I do not see the tie in kernfs to module reference counts, what am I
missing?

thanks,

greg k-h

  reply	other threads:[~2021-07-23 11:15 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-03  0:19 [PATCH v6 0/3] zram: fix few sysfs races Luis Chamberlain
2021-07-03  0:19 ` [PATCH v6 1/3] zram: fix crashes with cpu hotplug multistate Luis Chamberlain
2021-07-03  0:19 ` [PATCH v6 2/3] zram: fix deadlock with sysfs attribute usage and module removal Luis Chamberlain
2021-07-10 19:28   ` Andrew Morton
2021-07-11  5:00     ` Greg KH
2021-07-12 23:17     ` Luis Chamberlain
2021-07-21 11:29   ` Greg KH
2021-07-22 22:17     ` Luis Chamberlain
2021-07-23 11:15       ` Greg KH [this message]
2021-07-23 17:49         ` Luis Chamberlain
2021-07-27 17:35           ` Luis Chamberlain
2021-07-03  0:19 ` [PATCH v6 3/3] zram: use ATTRIBUTE_GROUPS Luis Chamberlain

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YPqk5WCBgvNQzq4S@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=akpm@linux-foundation.org \
    --cc=axboe@kernel.dk \
    --cc=jeyu@kernel.org \
    --cc=jikos@kernel.org \
    --cc=jpoimboe@redhat.com \
    --cc=keescook@chromium.org \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mbenes@suse.com \
    --cc=mcgrof@kernel.org \
    --cc=minchan@kernel.org \
    --cc=ngupta@vflare.org \
    --cc=peterz@infradead.org \
    --cc=rafael@kernel.org \
    --cc=rostedt@goodmis.org \
    --cc=sergey.senozhatsky.work@gmail.com \
    --cc=tglx@linutronix.de \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.