From: ebiederm@xmission.com (Eric W. Biederman)
To: Tejun Heo <htejun@gmail.com>
Cc: Alex Chiang <achiang@hp.com>,
greg@kroah.com, cornelia.huck@de.ibm.com,
stern@rowland.harvard.edu, kay.sievers@vrfy.org,
rusty@rustcorp.com.au, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 0/3] sysfs: allow suicide
Date: Wed, 25 Mar 2009 20:05:24 -0700 [thread overview]
Message-ID: <m163hxrnkb.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <49CADB45.3090501@gmail.com> (Tejun Heo's message of "Thu\, 26 Mar 2009 10\:32\:53 +0900")
Tejun Heo <htejun@gmail.com> writes:
> Thanks for the points. I do agree that it could be a bit too clever,
> but the thing is that protecting the code area from going underneath
> something is a pretty special thing to begin with and I think it's
> better to apply special solution rather than trying to work around it
> using general mechanisms. So, I actually think the global inhibit
> thing is one of the better ways to deal with the nasty-in-nature
> problem.
Protecting the data structures from going away is just as important,
and the module_inhibit does not address that.
When I looked at it I could not see any touches of kobj in the sysfs
code after we dropped the reference count in a strange place, but
I haven't been able to convince myself that we will be safe.
>>>> My hypothesis is once we solve this for the general case of
>>>> device hotplug and removal we won't need special support from
>>>> sysfs. At least not in the suicidal way.
>>> I agree that we have problems in our infrastructure, especially,
>>> as you point out, overlapping device trees, etc.
>
> I don't really see how some grand general solution would solve
> deadlock problem at sysfs layer, care to elaborate a bit?
See below. I'm really not thinking of doing anything different
just putting the code somewhere different that sysfs.
>>> I see your point about adding extra cruft into sysfs to work
>>> around a special case while leaving the hard problem unsolved.
>>>
>>> Perhaps the status quo is better. I do think that getting
>>> suicidal sysfs attributes off the global workqueue is a band-aid
>>> that actually helps, vs. the proposed patches here which are
>>> questionable in nature.
>>
>> Sounds like it. I'm not trying to shoot this down, rather
>> I'm trying to figure out how to solve this cleanly, as I am slowly
>> trying to sort out the pci hotplug and unplug issues.
>
> The problem I see is that there aren't too many users and the solution
> is a bit too narrow focused, but with increasing support for
> hotplug/unplug, I think the problem is becoming more widespread and
> the workqueue solution is quite fragile and cumbersome for each and
> every user, so unless there are other directions we can pursue (the
> general one above maybe?), I think it's better to add a bit of
> complexity to sysfs rather than forcing everyone user of it to do it.
My view is that this is a general hotplug problem and not a sysfs problem.
Further I see inhibiting module reload as only solving have the problem
as dropping the kobject reference opens a window to a use after free on
the kobj.
The problem that I see is that we are missing support from the device
model for hotunplug. Running the device remove method from process
context is required. Typically hotplug controllers discover a
device has been removed or will be removed in interrupt context.
Therefore every hotplug driver I have looked at has it's own workqueue
to solve the problem of getting the notification of a hotplug event
from an inappropriate context.
So the general problem that I see is that I need a solution to trigger
a remove from interrupt context and that same solution will happen to
work just fine for sysfs.
Eric
next prev parent reply other threads:[~2009-03-26 3:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-25 4:16 [RFC PATCH 0/3] sysfs: allow suicide Alex Chiang
2009-03-25 4:16 ` [RFC PATCH 1/3] sysfs: make the sysfs_addrm_cxt->removed list FIFO Alex Chiang
2009-03-25 4:16 ` [RFC PATCH 2/3] sysfs: add blocking notifier to prohibit module unload Alex Chiang
2009-03-25 4:17 ` [RFC PATCH 3/3] sysfs: care-free suicide for sysfs files Alex Chiang
2009-03-26 5:24 ` Tejun Heo
2009-03-25 5:54 ` [RFC PATCH 0/3] sysfs: allow suicide Eric W. Biederman
2009-03-25 22:54 ` Alex Chiang
2009-03-26 0:42 ` Eric W. Biederman
2009-03-26 1:26 ` Alex Chiang
2009-03-26 2:41 ` Eric W. Biederman
2009-03-26 1:32 ` Tejun Heo
2009-03-26 3:05 ` Eric W. Biederman [this message]
2009-03-26 3:36 ` Tejun Heo
2009-03-26 14:21 ` Alan Stern
2009-03-26 14:56 ` Cornelia Huck
2009-03-25 14:45 ` Alan Stern
2009-03-25 23:03 ` Alex Chiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m163hxrnkb.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=achiang@hp.com \
--cc=cornelia.huck@de.ibm.com \
--cc=greg@kroah.com \
--cc=htejun@gmail.com \
--cc=kay.sievers@vrfy.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.