From: Louis Rilling <Louis.Rilling@kerlabs.com>
To: Joel Becker <joel.becker@oracle.com>
Cc: linux-fsdevel@vger.kernel.org, cluster-devel@redhat.com,
	ocfs2-devel@oss.oracle.com
Subject: [Ocfs2-devel] [RFC] configfs: Pin configfs subsystems separately from new config_items.
Date: Wed, 18 Jun 2008 14:31:34 +0200
Message-ID: <20080618123134.GC30804@localhost>
In-Reply-To: <1213742460-26331-1-git-send-email-joel.becker@oracle.com>

On Tue, Jun 17, 2008 at 03:41:00PM -0700, Joel Becker wrote:
> configfs_mkdir() creates a new item by calling its parent's
> ->make_item/group() functions.  Once that object is created,
> configfs_mkdir() calls try_module_get() on the new item's module.  If it
> succeeds, the module owning the new item cannot be unloaded, and
> configfs is safe to reference the item.
> 
> If the item and the subsystem it belongs to are part of the same module,
> the subsystem is also pinned.  This is the common case.
> 
> However, if the subsystem is made up of multiple modules, this may not
> pin the subsystem.  Thus, it would be possible to unload the toplevel
> subsystem module while there is still a child item.  Thus, we now
> try_module_get() the subsystem's module.  This only really affects
> children of the toplevel subsystem group.  Deeper children already have
> their parents pinned.

Looks good to me.

What about new item module pinning versus a concurrent sys_delete_module() in a
preemptible kernel? AFAICS new_item pinning is just done too late to protect
anybody against sys_delete_module(). Shouldn't we remove new item module pinning
and let the subsystem do it?

	process 1: 				process 2:
	configfs_mkdir()
	  item = make_item()

	--- preemption schedule ---
						sys_delete_module()
						  ok
	--- end of preemption   ---

	  new_item_owner = item->ci_type.ct_owner
Possible access to freed memory if type statically allocated!
	  try_module_get(new_item_owner)
Access to freed memory of the module metadata!

Louis

-- 
Dr Louis Rilling			Kerlabs
Skype: louis.rilling			Batiment Germanium
Phone: (+33|0) 6 80 89 08 23		80 avenue des Buttes de Coesmes
http://www.kerlabs.com/			35700 Rennes
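Added example, not part of the message above or of the configfs code: a user-space C model of the interleaving Louis sketches. It assumes a toplevel subsystem living in one module and a new item whose ci_type belongs to a second module; try_module_get(), module_put() and delete_module() are simplified stand-ins for the kernel's module refcounting (a removed module is marked gone rather than freed, so the use-after-free becomes an observable flag), and configfs_mkdir_model(), make_item(), struct scenario and run_scenario() are names made up for the model. The model runs configfs_mkdir twice: once with the item's module pinned only after make_item() returns, as in the current code, and once with the subsystem's make_item() pinning the item's module before it hands the item back.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum mod_state { MOD_LIVE, MOD_GONE };

struct module {
	int refcnt;            /* stands in for the kernel's per-module refcount */
	enum mod_state state;  /* MOD_GONE: sys_delete_module() already removed it */
};

struct config_item_type { struct module *ct_owner; };
struct config_item { struct config_item_type *ci_type; };

/* Pin a live module; fails once the module is gone.  In the real kernel a
 * gone module's metadata is freed memory, so this check exists only in the
 * model to make the bug observable instead of a crash. */
static bool try_module_get(struct module *m)
{
	if (m->state != MOD_LIVE)
		return false;
	m->refcnt++;
	return true;
}

static void module_put(struct module *m) { m->refcnt--; }

/* sys_delete_module(): succeeds only when nobody holds a reference. */
static int delete_module(struct module *m)
{
	if (m->refcnt > 0)
		return -EBUSY;
	m->state = MOD_GONE;
	return 0;
}

struct scenario {
	struct module subsys_mod;      /* module owning the toplevel subsystem */
	struct module item_mod;        /* separate module owning the new item's type */
	struct config_item_type item_type;
	struct config_item item;
	bool pin_in_make_item;         /* subsystem pins item_mod inside make_item() */
	int delete_result;             /* what the concurrent delete_module(item_mod) returned */
	bool touched_gone_module;      /* mkdir read ct_owner of an already-removed module */
	bool item_pinned;              /* mkdir's try_module_get(new_item_owner) succeeded */
	int mkdir_result;
};

/* The subsystem's ->make_item(); runs in subsys_mod, which mkdir has pinned. */
static struct config_item *make_item(struct scenario *s)
{
	if (s->pin_in_make_item && !try_module_get(&s->item_mod))
		return NULL;
	s->item_type.ct_owner = &s->item_mod;
	s->item.ci_type = &s->item_type;
	return &s->item;
}

/* Sketch of configfs_mkdir() with process 2's delete_module injected at the
 * point where process 1 is preempted in the mail. */
static int configfs_mkdir_model(struct scenario *s)
{
	struct config_item *item;
	struct module *new_item_owner;

	if (!try_module_get(&s->subsys_mod))      /* pin the subsystem first */
		return -EINVAL;
	item = make_item(s);
	if (!item) {
		module_put(&s->subsys_mod);
		return -EINVAL;
	}

	/* --- process 1 preempted; process 2 runs sys_delete_module(item_mod) --- */
	s->delete_result = delete_module(&s->item_mod);
	/* --- process 1 resumes --- */

	new_item_owner = item->ci_type->ct_owner;
	s->touched_gone_module = (new_item_owner->state == MOD_GONE);
	s->item_pinned = try_module_get(new_item_owner);   /* too late if item_mod is gone */
	if (!s->item_pinned) {
		module_put(&s->subsys_mod);
		return -EINVAL;
	}
	return 0;
}

/* Run one interleaving from a fresh state; returns the model's static state. */
struct scenario *run_scenario(bool pin_in_make_item)
{
	static struct scenario s;

	memset(&s, 0, sizeof(s));
	s.pin_in_make_item = pin_in_make_item;
	s.mkdir_result = configfs_mkdir_model(&s);
	return &s;
}

int main(void)
{
	struct scenario *s = run_scenario(false);
	printf("pin after make_item:  delete_module=%d touched_gone=%d mkdir=%d\n",
	       s->delete_result, s->touched_gone_module, s->mkdir_result);
	s = run_scenario(true);
	printf("pin inside make_item: delete_module=%d item_mod.refcnt=%d mkdir=%d\n",
	       s->delete_result, s->item_mod.refcnt, s->mkdir_result);
	return 0;
}
```

In the first run delete_module() returns 0 and configfs_mkdir goes on to read ct_owner of a module that is already gone; the later try_module_get() only fails after the damage is done. In the second run the module is already pinned when delete_module() is attempted, so it returns -EBUSY and mkdir succeeds; the refcount of 2 at the end is the item's module being pinned twice, once by make_item() and once by mkdir, which is the redundancy behind the suggestion to drop the pin in mkdir and let the subsystem own it.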

