From: Nicolai Stange <nicstange@gmail.com>
To: Mike Marshall <hubcap@omnibond.com>
Cc: Greg KH <greg@kroah.com>, Nicolai Stange <nicstange@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Martin Brandenburg <martin@omnibond.com>
Subject: Re: debugfs question...
Date: Sun, 13 Nov 2016 19:51:02 +0100 [thread overview]
Message-ID: <877f876wo9.fsf@gmail.com> (raw)
In-Reply-To: <87wpgoff0o.fsf@gmail.com> (Nicolai Stange's message of "Mon, 31 Oct 2016 21:19:03 +0100")
Hi again,
bad news: my previous analysis was completely wrong, c.f. below.
Good news (from my point of view): debugfs is correct, no fix needed for
it.
Apologies for the confusion...
Nicolai Stange <nicstange@gmail.com> writes:
> Greg KH <greg@kroah.com> writes:
>
>> On Mon, Oct 31, 2016 at 02:32:56PM -0400, Mike Marshall wrote:
>>
>>> But... really bad things happen if someone unloads the Orangefs
>>> module after my test program does the open and before the read
>>> starts. So I picked another debugfs-using-filesystem (f2fs) and
>>> pointed my tester-program at /sys/kernel/debug/f2fs/status, and
>>> the same bad thing happens there.
>
> [...]
>
>>> [ 1240.144316] Call Trace:
>>> [ 1240.144450] [<ffffffff8122907f>] __fput+0xdf/0x1d0
>>> [ 1240.144704] [<ffffffff812291ae>] ____fput+0xe/0x10
>>> [ 1240.144962] [<ffffffff810b97de>] task_work_run+0x8e/0xc0
>>> [ 1240.145243] [<ffffffff8109b98e>] do_exit+0x2ae/0xae0
>
>
> Thank you very much for this detailed report!
>
> At least for the .../f2fs/status file, your splat at fput() can be
> readily explained with the full proxy's releaser not being protected
> against file removals in any way.
>
> Partly this is on purpose, c.f. the comment in full_proxy_release().
>
> However, I should have at least tried to acquire a reference to the
> owning module before accessing some static struct file_operations or
> even calling some ->release() within it. Meh.
This is what I got wrong: debugfs does acquire the needed references
correctly (details below). For the case of f2fs' "status" file, the
file_operations ->owner is simply not set as it should have been,
i.e. to THIS_MODULE.
Details on debugfs' reference acquisition:
The open proxy, full_proxy_open(), gets a reference to the "real"
file_operations, hence to its module. (Only in its error path it
releases it again).
full_proxy_release() is in charge of dropping that reference again, but
only *after* it has attempted to call the "real" ->release().
So, as long as a file has been (successfully) opened, a reference to the
original file_operation's ->owner is owned, preventing it from getting
unloaded.
Can you confirm that you didn't set ->owner in your Orangefs related
tests, too?
Thanks,
Nicolai
next prev parent reply other threads:[~2016-11-13 18:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-31 18:32 debugfs question Mike Marshall
2016-10-31 19:38 ` Greg KH
2016-10-31 20:19 ` Nicolai Stange
2016-10-31 20:30 ` Mike Marshall
2016-11-01 11:22 ` Mike Marshall
2016-11-10 14:16 ` Greg KH
2016-11-10 17:48 ` Nicolai Stange
2016-11-10 19:11 ` Greg KH
2016-11-13 18:51 ` Nicolai Stange [this message]
2016-11-13 22:43 ` Mike Marshall
2016-11-14 6:55 ` Greg KH
2016-11-20 18:59 ` Nicolai Stange
2016-11-14 17:12 ` Mike Marshall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877f876wo9.fsf@gmail.com \
--to=nicstange@gmail.com \
--cc=greg@kroah.com \
--cc=hubcap@omnibond.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=martin@omnibond.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.