Re: [PATCH] protect remove_proc_entry

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kirill Korotaev <dev@sw.ru>
To: Andrew Morton <akpm@osdl.org>
Cc: rostedt@goodmis.org, linux-kernel@vger.kernel.org, mingo@elte.hu
Subject: Re: [PATCH] protect remove_proc_entry
Date: Wed, 04 Jan 2006 14:27:41 +0300	[thread overview]
Message-ID: <43BBB12D.80008@sw.ru> (raw)
In-Reply-To: <20060104013658.620e51e6.akpm@osdl.org>

>>Hi Andrew,
>>
>>I have a full patch for this.
> 
> 
> Please don't top-post.  It makes things hard...
do you prefer separate mails with patch and with reference to original 
report? will do so.

>>I don't remember the details yet, but lock was not god here, we used 
>>semaphore. I pointed to this problem long ago when fixed error path in 
>>proc with moduleget.
>>
>>This patch protects proc_dir_entry tree with a proc_tree_sem semaphore. 
>>I suppose lock_kernel() can be removed later after checking that no proc 
>>handlers require it.
>>Also this patch remakes de refcounters a bit making it more clear and 
>>more similar to dentry scheme - this is required to make sure that 
>>everything works correctly.
>>
>>Patch is against 2.6.15-rcX and was tested for about a week. Also works 
>>half a year on 2.6.8 :)
>>
>>[ patch which uses an rwsem for procfs and somewhat removes lock_kernel() ]
>>
> 
> 
> I worry about replacing a spinlock with a sleeping lock.  In some
> circumstances it can cause a complete scalability collapse and I suspect
> this could happen with /proc.  Although I guess the only fastpath here is
> proc_readdir(), and as the lock is taken there for reading, we'll be OK..
> 
> The patch does leave some lock_kernel() calls behind.  If we're going to do
> this, I think they should all be removed?
> 
> Races in /proc have been plentiful and hard to find.  The patch worries me,
> frankly.  I'd like to see quite a bit more description of the locking
> schema and some demonstration that it's actually complete before taking the
> plunge.

ok, here goes some more descriptions:

1.
proc_readdir is a sleeping ops:
sys_getdents
`- vfs_readdir
      `- proc_readdir
           `- filldir
                `- put_user/copy_to_user
that's why we must use semaphore. of course spinlock can be used too,
but this will case another problem: it must be dropped to call filldir, but
beofre it will be retaken the dentry being filldir-ed may be removed and
we won't see it's siblings in output.

2.
lock_kernel() is needed to handle at least simultaneous sys_read vs
create_proc_entry with sequental de->proc_fops = XXX. this can be
handled by passing fops directly to create_proc_entry.
i.e. there is a 3rd problem I pointed to you before:
create_proc_entry() and setting of de->owner/de->proc_fops is inatomic.
lock_kernel() is not a best way to protect against this, sure...
I would prefer to fix it with a separate patch somehow...

3.
refcounting:
each proc_dir_entry's refcounter is the reference from inode plus
references from children. once this count reaches zero - dentry is freed.
so on each proc_register() parent is get-ed, on each remove_proc_entry
parent is put-ed.

Kirill

next prev parent reply	other threads:[~2006-01-04 11:25 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-12-30 20:04 [Question] race condition with remove_proc_entry Steven Rostedt
2005-12-30 21:28 ` [PATCH] protect remove_proc_entry Steven Rostedt
2005-12-30 21:34   ` Daniel Walker
2005-12-30 21:55     ` Steven Rostedt
2005-12-30 21:55   ` Mitchell Blank Jr
2005-12-30 22:09     ` Steven Rostedt
2005-12-30 22:18       ` Steven Rostedt
2006-01-04  9:21         ` Andrew Morton
2006-01-04 12:18           ` Steven Rostedt
2006-01-05  1:48             ` Mitchell Blank Jr
2006-01-07 11:25       ` Andrew Morton
2005-12-30 22:11     ` Steven Rostedt
2005-12-30 23:46   ` Andrew Morton
2005-12-31  6:58     ` Steven Rostedt
2005-12-31  8:34       ` Arjan van de Ven
2005-12-31  8:53     ` Kirill Korotaev
2006-01-04  9:36       ` Andrew Morton
2006-01-04 11:27         ` Kirill Korotaev [this message]
2006-01-02 13:02     ` Steven Rostedt
2006-01-07 11:36   ` Andrew Morton
2006-01-07 12:04     ` Steven Rostedt
2006-01-09 19:16     ` Steven Rostedt
2006-01-10  0:59       ` Steven Rostedt
2006-01-10  1:05         ` Ingo Molnar
2006-01-10 13:26       ` Steven Rostedt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43BBB12D.80008@sw.ru \
    --to=dev@sw.ru \
    --cc=akpm@osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=rostedt@goodmis.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.