Re: kobject: provide kobject_put_wait to fix module unload race

[Mike Snitzer]

On Tue, Jan 07 2014 at  1:00pm -0500,
Mikulas Patocka <mpatocka@xxxxxxxxxx> wrote:

> 
> 
> On Tue, 7 Jan 2014, Linus Torvalds wrote:
> 
> > This looks completely broken to me. You do a "kobject_put()" and then
> > after you've dropped that last use, you wait for the completion of
> > something that may already have been free'd.
> > 
> > Wtf? Am I missing something?
> > 
> >                Linus
> 
> It is correct. The release method dm_kobject_release doesn't free the 
> kobject. It just signals the completion and returns.
> 
> This is the sequence of operations:
> * call kobject_put
> * wait until all users stop using the kobject, when it happens the release 
>   method is called
> * the release method signals the completion and returns
> * the unload code that waits on the completion continues
> * the unload code frees the mapped_device structure that contains the 
>   kobject
> 
> Using kobject this way avoids the module unload race that was mentioned at 
> the beginning of this thread.

I've staged your patch in linux-next for 3.14, see:
http://git.kernel.org/cgit/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=for-next&id=af7b1e5c767fc895788c971c8f4686402ac8344f
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/