Re: 2.6.35-rc2 module reference counting broken

From: Jari Ruusu
Date: Thu Jun 10 2010 - 02:34:40 EST

Tejun Heo wrote:
> On 06/09/2010 01:48 AM, Al Viro wrote:
> > Yeah... bd_start_claiming() grabs a reference to gendisk and we never
> > let it go. There's your leak...
> Eh, I thought you were cc'd. Sorry. This was fixed sometime back by
> Nick and queued in block tree (delayed due to mail misdelivery).

That one liner patch makes module refcount mismatch go away.

However, I am not sure if that is the right place to insert that
module_put(). The problem with Nick Piggin's (2010-05-25 15:50:21 GMT) patch
is that it makes module refcount temporarily drop to zero.

I added this line right after that "module_put(disk->fops->owner);" fix:

if (disk->fops->owner)
	printk("bd_start_claiming: module_refcount=%u\n", module_refcount(disk->fops->owner));

And that said "module_refcount=0" when I tried it with my silly floppy
module mount+umount test.

Later in the mount system call handling the module reference count is
incremented. But to me that looks like there is a window of opportunity for
things to go wrong. What is there to prevent module from being removed at
zero refcount?
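As an added illustration, not code from this thread or from the kernel: a userspace C model of the ordering problem just described, with made-up names (fake_module, mod_get, mod_put, try_unload) standing in for the kernel's module refcount primitives. put_before_get_window() follows the ordering the message describes and shows an unload slipping into the zero-count window; get_before_put_window() shows the ordering that closes it.

```c
/* Userspace model (added example, not kernel code) of the window described
 * above: a put before the later get lets the count read 0 transiently.
 * Names here are the example's own, not kernel APIs. */
#include <stdbool.h>

struct fake_module {
    unsigned int refcount;   /* stands in for module_refcount() */
    bool unloaded;
};
/* Model of try_module_get(): succeeds only while the module is live. */
static bool mod_get(struct fake_module *m)
{
    if (m->unloaded)
        return false;
    m->refcount++;
    return true;
}
static void mod_put(struct fake_module *m)
{
    if (m->refcount > 0)
        m->refcount--;
}
/* Model of rmmod: allowed only when nobody holds a reference. */
static bool try_unload(struct fake_module *m)
{
    if (m->refcount != 0)
        return false;
    m->unloaded = true;
    return true;
}
/* Ordering from the message: the early put drops the only reference before
 * the mount path takes its own. Returns true if an unload in between succeeds. */
bool put_before_get_window(void)
{
    struct fake_module m = { 1, false };    /* one reference held */
    mod_put(&m);                            /* count reads 0 here */
    bool unloaded = try_unload(&m);         /* rmmod in the window */
    return unloaded && !mod_get(&m);        /* later get now fails */
}
/* Safe ordering: take the new reference before dropping the old one. */
bool get_before_put_window(void)
{
    struct fake_module m = { 1, false };
    mod_get(&m);                            /* count 2, never 0 */
    bool unloaded = try_unload(&m);         /* rmmod refused */
    mod_put(&m);                            /* back to 1 */
    return unloaded;                        /* false: no window */
}
```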

