From: Ming Lei <ming.lei@redhat.com>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: Petr Mladek <pmladek@suse.com>, Miroslav Benes <mbenes@suse.cz>,
Julia Lawall <julia.lawall@inria.fr>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
tj@kernel.org, gregkh@linuxfoundation.org,
akpm@linux-foundation.org, minchan@kernel.org, jeyu@kernel.org,
shuah@kernel.org, bvanassche@acm.org, dan.j.williams@intel.com,
joe@perches.com, tglx@linutronix.de, keescook@chromium.org,
rostedt@goodmis.org, linux-spdx@vger.kernel.org,
linux-doc@vger.kernel.org, linux-block@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org, live-patching@vger.kernel.org,
ming.lei@redhat.com
Subject: Re: [PATCH v8 11/12] zram: fix crashes with cpu hotplug multistate
Date: Wed, 3 Nov 2021 08:01:45 +0800 [thread overview]
Message-ID: <YYHRaYlglX84lxB6@T590> (raw)
In-Reply-To: <YYFmiAAYIA2X7Uv5@bombadil.infradead.org>
On Tue, Nov 02, 2021 at 09:25:44AM -0700, Luis Chamberlain wrote:
> On Tue, Nov 02, 2021 at 04:24:06PM +0100, Petr Mladek wrote:
> > On Wed 2021-10-27 13:57:40, Miroslav Benes wrote:
> > > >From my perspective, it is quite easy to get it wrong due to either a lack
> > > of generic support, or missing rules/documentation. So if this thread
> > > leads to "do not share locks between a module removal and a sysfs
> > > operation" strict rule, it would be at least something. In the same
> > > manner as Luis proposed to document try_module_get() expectations.
> >
> > The rule "do not share locks between a module removal and a sysfs
> > operation" is not clear to me.
>
> That's exactly it. It *is* not. The test_sysfs selftest will hopefully
> help with this. But I'll wait to take a final position on whether or not
> a generic fix should be merged until the Coccinelle patch which looks
> for all uses cases completes.
>
> So I think that once that Coccinelle hunt is done for the deadlock, we
> should also remind folks of the potential deadlock and some of the rules
> you mentioned below so that if we take a position that we don't support
> this, we at least inform developers why and what to avoid. If Coccinelle
> finds quite a bit of cases, then perhaps evaluating the generic fix
> might be worth evaluating.
>
> > IMHO, there are the following rules:
> >
> > 1. rule: kobject_del() or kobject_put() must not be called under a lock that
> > is used by store()/show() callbacks.
> >
> > reason: kobject_del() waits until the sysfs interface is destroyed.
> > It has to wait until all store()/show() callbacks are finished.
>
> Right, this is what actually started this entire conversation.
>
> Note that as Ming pointed out, the generic kernfs fix I proposed would
> only cover the case when kobject_del() ends up being called on module
> exit, so it would not cover the cases where perhaps kobject_del() might
> be called outside of module exit, and so the cope of the possible
> deadlock then increases in scope.
>
> Likewise, the Coccinelle hunt I'm trying would only cover the module
> exit case. I'm a bit of afraid of the complexity of a generic hunt
> as expresed in rule 1.
Question is that why one shared lock is required between kobject_del()
and its show()/store(), both zram and livepatch needn't that. Is it
one common usage?
>
> >
> > 2. rule: kobject_del()/kobject_put() must not be called from the
> > related store() callbacks.
> >
> > reason: same as in 1st rule.
>
> Sensible corollary.
>
> Given tha the exact kobjet_del() / kobject_put() which must not be
> called from the respective sysfs ops depends on which kobject is
> underneath the device for which the sysfs ops is being created,
> it would make this hunt in Coccinelle a bit tricky. My current iteration
> of a coccinelle hunt cheats and looks at any sysfs looking op and
> ensures a module exit exists.
Actually kernfs/sysfs provides interface for supporting deleting
kobject/attr from the attr's show()/store(), see example of
sdev_store_delete(), and the livepatch example:
https://lore.kernel.org/lkml/20211102145932.3623108-4-ming.lei@redhat.com/
>
> > 3. rule: module_exit() must wait until all release() callbacks are called
> > when kobject are static.
> >
> > reason: kobject_put() must be called to clean up internal
> > dependencies. The clean up might be done asynchronously
> > and need access to the kobject structure.
>
> This might be an easier rule to implement a respective Coccinelle rule
> for.
If kobject_del() is done in module_exit() or before module_exit(),
kobject should have been freed in module_exit() via kobject_put().
But yes, it can be asynchronously because of CONFIG_DEBUG_KOBJECT_RELEASE,
seems like one real issue.
Thanks,
Ming
next prev parent reply other threads:[~2021-11-03 0:02 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <YWeR4moCRh+ZHOmH@T590>
[not found] ` <YWiSAN6xfYcUDJCb@bombadil.infradead.org>
[not found] ` <YWjCpLUNPF3s4P2U@T590>
[not found] ` <YWjJ0O7K+31Iz3ox@bombadil.infradead.org>
[not found] ` <YWk9e957Hb+I7HvR@T590>
[not found] ` <YWm68xUnAofop3PZ@bombadil.infradead.org>
[not found] ` <YWq3Z++uoJ/kcp+3@T590>
[not found] ` <YW3LuzaPhW96jSBK@bombadil.infradead.org>
[not found] ` <YW4uwep3BCe9Vxq8@T590>
[not found] ` <alpine.LSU.2.21.2110190820590.15009@pobox.suse.cz>
[not found] ` <YW6OptglA6UykZg/@T590>
2021-10-20 6:43 ` [PATCH v8 11/12] zram: fix crashes with cpu hotplug multistate Miroslav Benes
2021-10-20 7:49 ` Ming Lei
2021-10-20 8:19 ` Miroslav Benes
2021-10-20 8:28 ` Greg KH
2021-10-25 9:58 ` Miroslav Benes
2021-10-20 10:09 ` Ming Lei
2021-10-26 8:48 ` Petr Mladek
2021-10-26 15:37 ` Ming Lei
2021-10-26 17:01 ` Luis Chamberlain
2021-10-27 11:57 ` Miroslav Benes
2021-10-27 14:27 ` Luis Chamberlain
2021-11-02 15:24 ` Petr Mladek
2021-11-02 16:25 ` Luis Chamberlain
2021-11-03 0:01 ` Ming Lei [this message]
2021-11-03 12:44 ` Luis Chamberlain
2021-10-27 11:42 ` Miroslav Benes
2021-11-02 14:15 ` Petr Mladek
2021-11-02 14:51 ` Petr Mladek
2021-11-02 15:17 ` Ming Lei
2021-11-02 14:56 ` Ming Lei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YYHRaYlglX84lxB6@T590 \
--to=ming.lei@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=bvanassche@acm.org \
--cc=dan.j.williams@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jeyu@kernel.org \
--cc=joe@perches.com \
--cc=julia.lawall@inria.fr \
--cc=keescook@chromium.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-spdx@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=mbenes@suse.cz \
--cc=mcgrof@kernel.org \
--cc=minchan@kernel.org \
--cc=paulus@samba.org \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=shuah@kernel.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).