From: Greg KH <greg@kroah.com>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Kernel development list <linux-kernel@vger.kernel.org>,
Hans de Goede <hdegoede@redhat.com>
Subject: Re: Unbinding drivers for resources that are in use
Date: Mon, 13 Jun 2011 08:42:18 -0700
Message-ID: <20110613154218.GA32124@kroah.com>
In-Reply-To: <Pine.LNX.4.44L0.1106131048080.1983-100000@iolanthe.rowland.org>

On Mon, Jun 13, 2011 at 11:10:57AM -0400, Alan Stern wrote:
> The kernel prevents modules from being unloaded if they are being used.
> But it doesn't have any analogous mechanism for preventing a driver
> being unbound from a device that's in use.
>
> For example, suppose a SATA disk contains a mounted filesystem. If the
> user writes the corresponding device name to
> /sys/bus/scsi/drivers/sd/unbind without unmounting the filesystem, the
> drive will become inaccessible and data may be lost. The same problem
> arises with USB devices and programs using usbfs to unbind a device
> from its kernel driver.
>
> It's true that the "unbind" attribute has mode 0200 and therefore can
> be written only by the superuser. Still, this puts the onus on
> userspace to determine whether or not a device is being used. The
> kernel could easily keep track of this automatically and atomically
> -- userspace can't do this without races.
>
> Therefore I'm asking if the driver core should add a refcount to every
> struct device for keeping track of the number of open file references
> (or other types of resource) using this device. If this number is
> nonzero, the kernel should prevent the device from being unbound from
> its driver -- except of course in cases where the device has been
> hot-unplugged; there's nothing we can do to prevent errors when this
> happens.
>
> Changes to the refcount would have to propagate up the device tree: If
> a device holds an important resource then we don't want any of the
> device's ancestors to become inaccessible either. This would be easy
> to implement.
>
> Should we do it?

No, people are starting to use 'unbind' as a poor-man's version of
revoke(), by simulating the device removal from the driver, even if the
device is being used by someone at that point in time.

And that's a good thing, as that is what revoke() really wants to do,
you want to clean up whatever that device was doing and make the file
handles stale, and allow a different user to then connect to the device
if needed.

So I really would not want to disallow this type of functionality, which
adding reference counts and preventing unbind from working would cause.

thanks,

greg k-h
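
The userspace check-then-unbind sequence that the quoted proposal describes as inherently racy, written out as an added example (it is not part of the thread or of any kernel code). It detects only mounted filesystems, by matching major:minor numbers against mountinfo; the function names and the SYSFS/MOUNTINFO overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: userspace "is it mounted?" check before a sysfs unbind.
# SYSFS and MOUNTINFO are overridable (assumption) so the logic can be
# exercised on a constructed tree instead of the live system.
SYSFS="${SYSFS:-/sys}"
MOUNTINFO="${MOUNTINFO:-/proc/self/mountinfo}"

# Print the major:minor of every block device (whole disk and partitions)
# below SCSI device $1, e.g. "0:0:0:0".
scsi_devnums() {
    for f in "$SYSFS/bus/scsi/devices/$1"/block/*/dev \
             "$SYSFS/bus/scsi/devices/$1"/block/*/*/dev; do
        [ -r "$f" ] && cat "$f"
    done
    return 0
}

# Return 0 if any of those devices backs a mounted filesystem.
# Field 3 of each mountinfo line is the major:minor of the mounted device.
scsi_dev_mounted() {
    for devnum in $(scsi_devnums "$1"); do
        if awk -v d="$devnum" '$3 == d { found = 1 } END { exit !found }' \
               "$MOUNTINFO"; then
            return 0
        fi
    done
    return 1
}

# Check, then unbind. These are two separate steps, so the result of the
# check can be stale by the time the write happens.
safe_unbind() {
    if scsi_dev_mounted "$1"; then
        echo "refusing: $1 has a mounted filesystem" >&2
        return 1
    fi
    # Race window: nothing prevents a mount from starting at this point.
    printf '%s' "$1" > "$SYSFS/bus/scsi/drivers/sd/unbind"
}
```

Open file descriptors on the raw device, swap, and device-mapper or md holders are not covered by this check, which is a further reason a userspace test cannot stand in for tracking done inside the kernel.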