debugfs_remove() vs. anything that is dynamic

From: Johannes Berg
Date: Fri Apr 04 2008 - 10:29:40 EST

Next message: Kiyoshi Ueda: "Re: kernel BUG at drivers/block/ub.c:820!"
Previous message: Johannes Berg: "cpu_clock confusion (was: printk time confusion?)"
Next in thread: Greg KH: "Re: debugfs_remove() vs. anything that is dynamic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Consider the following trivial module:

--- %< ---
#include <linux/module.h>
#include <linux/debugfs.h>

static struct dentry *f;
static u32 tmp;

int __init mod_enter(void)
{
f = debugfs_create_u32("tmp-test", 0666, NULL, &tmp);

return 0;
}

void __exit mod_leave(void)
{
debugfs_remove(f);
}

module_init(mod_enter);
module_exit(mod_leave);
MODULE_LICENSE("GPL");
--- >% ---

How do I make that safe?

FWIW, the problem is:

thread 1 thread 2
fd = open("tmp-test")

sleep(30); rmmod test-module

read(fd, buf, 100);

--> accesses now invalid memory because debugfs doesn't actually stop
you from accessing "&tmp" after debugfs_remove(). [yes, I actually
tested a variation of this where I dynamically allocated the 'tmp'
variable, I got the slab poison in my test program]

Personally, I tend to think this makes debugfs rather unusable in
modules and with anything that is dynamically allocated [1]. AFAICT
sysfs avoids this by having object lifetime imposed by sysfs, but
debugfs doesn't work that way.

What am I missing?

johannes

[1] which covers many many current users, it seems at least usbmon,
ohci/ehci/uhci-dbg, pktcdvd, fault injection code, blktrace and probably
more.

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Kiyoshi Ueda: "Re: kernel BUG at drivers/block/ub.c:820!"
Previous message: Johannes Berg: "cpu_clock confusion (was: printk time confusion?)"
Next in thread: Greg KH: "Re: debugfs_remove() vs. anything that is dynamic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]