Re: [PATCH -next V3] ubi: fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl

From: Zhihao Cheng
Date: Tue Dec 28 2021 - 02:48:19 EST

Next message: Wen Gu: "[RFC PATCH net] net/smc: Reset conn->lgr when link group registration fails"
Previous message: Wilson J. Mutanda: "Did you get the information"
Next in thread: Richard Weinberger: "Re: [PATCH -next V3] ubi: fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

在 2021/12/24 5:06, Richard Weinberger 写道:

----- Ursprüngliche Mail -----

ubi_get_device is used to prevent devices from being deleted during
sysfs execution. However, now kernfs ensures that devices will not
be deleted before all reference counting are released.
The key process is shown in the following stack.

ubi_get_device() in dev_attribute_show() is used to detect whether
the ubi device got detached while the sysfs file is open.

Hmm. I thought for sysfs this is not the case since sysfs does not implement
a release() method. So kernfs_drain_open_files() will return early.
But there is a good chance that I don't got all kernfs/sysfs details.

kernfs_drain() will wait 'root->deactivate_waitq' if atomic_read(&kn->active) not equals to KN_DEACTIVATED_BIAS.

The UBI seq_show callback is invoked with avtive cnt taken:
vfs_read
kernfs_fop_read_iter
seq_read_iter
m->op->start (kernfs_seq_start) // kernfs_get_active(of->kn)
kernfs_seq_show
dev_attribute_show [ubi]
m->op->stop (kernfs_seq_stop) // kernfs_put_active(of->kn)

The kernfs_drain() is stuck at wait_event() until sysfs reading finished, in my local test.

Next message: Wen Gu: "[RFC PATCH net] net/smc: Reset conn->lgr when link group registration fails"
Previous message: Wilson J. Mutanda: "Did you get the information"
Next in thread: Richard Weinberger: "Re: [PATCH -next V3] ubi: fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]