From: Greg KH <gregkh@linuxfoundation.org>
To: Gaurav Kohli <gkohli@codeaurora.org>
Cc: tj@kernel.org, linux-kernel@vger.kernel.org,
linux-arm-msm@vger.kernel.org, Mukesh Ojha <mojha@codeaurora.org>
Subject: Re: [PATCH v0] kernfs: Skip kernfs_put of parent from child node
Date: Fri, 5 Apr 2019 13:33:04 +0200 [thread overview]
Message-ID: <20190405113304.GA28420@kroah.com> (raw)
In-Reply-To: <1554463267-30841-1-git-send-email-gkohli@codeaurora.org>
On Fri, Apr 05, 2019 at 04:51:07PM +0530, Gaurav Kohli wrote:
> While adding kernfs node for child to the parent kernfs
> node and when child node founds that parent kn count is
> zero, then below comes like:
>
> WARNING: fs/kernfs/dir.c:494 kernfs_get+0x64/0x88
>
> This indicates that parent is in kernfs_put path/ or already
> freed, and if the child node keeps continue to
> make new kernfs node, then there is chance of
> below race for parent node:
>
> CPU0 CPU1
> //Parent node //child node
> kernfs_put
> atomic_dec_and_test(&kn->count)
> //count is 0, so continue
> kernfs_new_node(child)
> kernfs_get(parent);
> //increment parent count to 1
> //warning come as parent count is 0
> /* link in */
> kernfs_add_one(kn);
> // this should fail as parent is
> //in free path.
> kernfs_put(child)
> kmem_cache_free(parent)
> kmem_cache_free(child)
> kn = parent
> atomic_dec_and_test(&kn->count))
> //this is 0 now, so release will
> continue for parent.
> kmem_cache_free(parent)
>
> To prevent this race, child simply has to decrement count of parent
> kernfs node and keep continue the free path for itself.
>
> Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
> Signed-off-by: Mukesh Ojha <mojha@codeaurora.org>
>
> diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
> index b84d635..d5a36e8 100644
> --- a/fs/kernfs/dir.c
> +++ b/fs/kernfs/dir.c
> @@ -515,7 +515,6 @@ void kernfs_put(struct kernfs_node *kn)
> if (!kn || !atomic_dec_and_test(&kn->count))
> return;
> root = kernfs_root(kn);
> - repeat:
> /*
> * Moving/renaming is always done while holding reference.
> * kn->parent won't change beneath us.
> @@ -545,8 +544,8 @@ void kernfs_put(struct kernfs_node *kn)
>
> kn = parent;
> if (kn) {
> - if (atomic_dec_and_test(&kn->count))
> - goto repeat;
> + /* Parent may be on free path, so simply decrement the count */
That's the wrong indentation :(
And how are you hitting this issue? What user of kernfs is causing
this?
thanks,
greg k-h
next prev parent reply other threads:[~2019-04-05 11:33 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-05 11:21 [PATCH v0] kernfs: Skip kernfs_put of parent from child node Gaurav Kohli
2019-04-05 11:33 ` Greg KH [this message]
2019-04-05 11:43 ` Gaurav Kohli
2019-04-05 12:10 ` Greg KH
2019-04-05 12:31 ` Mukesh Ojha
2019-04-08 10:16 ` Gaurav Kohli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190405113304.GA28420@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=gkohli@codeaurora.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mojha@codeaurora.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.