Re: Is module refcounting racy?

From: Nick Piggin
Date: Mon Mar 29 2010 - 12:58:55 EST

Next message: Ira W. Snyder: "[PATCH 0/3] add support for Janz MODULbus devices"
Previous message: Ingo Molnar: "Re: [PATCH 02/31] x86: Make sure free_init_pages() free pages inboundary"
In reply to: Rusty Russell: "Re: Is module refcounting racy?"
Next in thread: Rusty Russell: "Re: Is module refcounting racy?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 29, 2010 at 8:12 PM, Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:
> On Thu, 18 Mar 2010 09:25:34 pm Nick Piggin wrote:
>> Hey,
>>
>> I've been looking at weird and wonderful ways to do scalable refcounting,
>> for the vfs...
>>
>> Sadly, module refcounting doesn't fit my bill. But as far as I could see,
>> it is racy.
>
> Other than for advisory purposes, the refcount is only checked against zero
> under stop_machine. For exactly this reason.

There definitely looks to me like there is code that checks the refcount
*without* stop_machine. module_refcount is an exported function, and you
expect drivers to get this right (scsi_device_put for a trivial example), but
it even looks like it is used in a racy way in kernel/module.c code.

Either we need to take my patch, or audit t, and put a WARN_ON
if it is called while not under stop_machine.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ira W. Snyder: "[PATCH 0/3] add support for Janz MODULbus devices"
Previous message: Ingo Molnar: "Re: [PATCH 02/31] x86: Make sure free_init_pages() free pages inboundary"
In reply to: Rusty Russell: "Re: Is module refcounting racy?"
Next in thread: Rusty Russell: "Re: Is module refcounting racy?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]