Re: [PATCH] kobject: provide kobject_put_wait to fix module unload race

[Dmitry Torokhov <dmitry.torokhov@gmail.com>]

On Sat, Jan 04, 2014 at 07:42:28PM -0800, Greg Kroah-Hartman wrote:
> On Sat, Jan 04, 2014 at 03:35:39PM -0500, Mikulas Patocka wrote:
> > 
> > 
> > On Sat, 4 Jan 2014, Greg Kroah-Hartman wrote:
> > 
> > > On Sat, Jan 04, 2014 at 01:06:01PM -0500, Mikulas Patocka wrote:
> > > > Hi
> > > > 
> > > > I noticed that Jeff Mahoney added a new structure kobj_completion, defined 
> > > > in include/linux/kobj_completion.h to the kernel 3.13-rc1 in the patch 
> > > > eee031649707db3c9920d9498f8d03819b74fc23. In the current upstream kernel, 
> > > > this interface is still unused.
> > > 
> > > There are pending btrfs patches to use this interface.
> > > 
> > > > However, converting the drivers to use kobj_completion is not trivial 
> > > > (note that all users of the original kobject interface are buggy - so all 
> > > > of them need to be converted).
> > > 
> > > Wait, what?  How are "all users" buggy?  Please explain this in detail.
> > 
> > 1) some code takes a reference to a kobject
> > 2) the user unloads the device
> > 3) the device driver unload routine calls kobject_put (but there is still 
> >    reference, so the kobject is not destroyed)
> 
> A driver should never be messing around with "raw" kobjects, they should
> be using a 'struct device' which is created/managed by the subsystem
> they belong to.  See Dmitry's example of input and serio as ways to do
> this, also USB and PCI do this properly.

Well, Mikulas is correct in the sense that there is still a race between
release function invoking the final module_put() and getting preempted
and module getting unloaded by another thread. Hitting this race is
pretty hard though.

-- 
Dmitry