netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg KH <gregkh@linuxfoundation.org>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-kernel@vger.kernel.org, nstange@suse.de,
	ap420073@gmail.com, David.Laight@aculab.com,
	netdev@vger.kernel.org, linux-wireless@vger.kernel.org,
	rafael@kernel.org
Subject: Re: [CRAZY-RFF] debugfs: track open files and release on remove
Date: Fri, 9 Oct 2020 10:03:55 +0200	[thread overview]
Message-ID: <20201009080355.GA398994@kroah.com> (raw)
In-Reply-To: <20201009095306.0d87c3aa13db.Ib3a7019bff15bb6308f6d259473a1648312a4680@changeid>

On Fri, Oct 09, 2020 at 09:53:06AM +0200, Johannes Berg wrote:
> [RFF = Request For Flaming]
> 
> THIS IS PROBABLY COMPLETELY CRAZY.
> 
> Currently, if a module is unloaded while debugfs files are being
> kept open, things crash since the ->release() method is called
> only at the actual release, despite the proxy_fops, and then the
> code is no longer around.
> 
> The correct way to fix this is to annotate all the debugfs fops
> with .owner= THIS_MODULE, but as a learning exercise and to see
> how much hate I can possibly receive, I figured I'd try to work
> around this in debugfs itself.

For lots of debugfs files, .owner should already be set, if you use the
DEFINE_SIMPLE_ATTRIBUTE() or DEFINE_DEBUGFS_ATTRIBUTE() macros.

But yes, not all.

> First, if the fops have a release method and no owner, we track
> all the open files - currently using a very simple array data
> structure for it linked into struct debugfs_fsdata. This required
> changing the API of debugfs_file_get() and debugfs_file_put() to
> pass the struct file * to it.
> 
> Then, once we know which files are still open at remove time, we
> can call all their release functions, and avoid calling them from
> the proxy_fops. Of course still call them from the proxy_fops if
> the file is still around, and clean up, so the release isn't all
> deferred to the end, but done as soon as possible.
> 
> This introduces a potential locking issue, we could have a fops
> struct that takes a lock in its release that the same module is
> also taking around debugfs_remove(). To flag these issues using
> lockdep, take inode_lock_shared() in full_proxy_release(), see
> the comment there. If this triggers for some fops, add the owner
> as it should have been in the first place.
> 
> Over adding the owner everywhere this has two small advantages:
>  1) you can unload the module while a debugfs file is open;
>  2) no need to change hundreds of places in the kernel :-)

I thought the proxy-ops stuff was supposed to fix this issue already.
Why isn't it, what is broken in them that causes this to still crash?

And of course, removing kernel modules is never a guaranteed operation,
nor is it anything that ever happens automatically, so is this really an
issue?  :)

thanks,

greg k-h

  reply	other threads:[~2020-10-09  8:03 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-08 15:48 [PATCH net 000/117] net: avoid to remove module when its debugfs is being used Taehee Yoo
2020-10-08 15:59 ` David Laight
2020-10-08 16:14   ` Johannes Berg
2020-10-08 16:37     ` Taehee Yoo
2020-10-09  5:38       ` Nicolai Stange
2020-10-09 10:07         ` Taehee Yoo
2020-10-09  5:09     ` Nicolai Stange
2020-10-09  7:45       ` Johannes Berg
2020-10-09 10:15         ` Taehee Yoo
2020-10-09 10:21           ` Johannes Berg
2020-10-09 10:41             ` [RFC] debugfs: protect against rmmod while files are open Johannes Berg
2020-10-09 10:48               ` Johannes Berg
2020-10-09 10:56                 ` David Laight
2020-10-09 10:56                   ` Johannes Berg
2020-10-09 11:15                   ` gregkh
2020-10-09 15:33             ` [PATCH net 000/117] net: avoid to remove module when its debugfs is being used Steve deRosier
2020-10-09  7:53       ` [CRAZY-RFF] debugfs: track open files and release on remove Johannes Berg
2020-10-09  8:03         ` Greg KH [this message]
2020-10-09  8:06           ` Johannes Berg
2020-10-09  8:16             ` Greg KH
2020-10-09  8:19               ` Johannes Berg
2020-10-09  8:34                 ` David Laight
2020-10-09  8:44                   ` Johannes Berg
2020-10-09  9:00                     ` David Laight
2020-10-09  8:47                 ` Greg KH
2020-10-09  8:48                   ` Johannes Berg
2020-10-10  9:38                     ` Greg KH
2020-10-10 10:47                       ` Johannes Berg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201009080355.GA398994@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=David.Laight@aculab.com \
    --cc=ap420073@gmail.com \
    --cc=johannes@sipsolutions.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=nstange@suse.de \
    --cc=rafael@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).