From: ebiederm@xmission.com (Eric W. Biederman)
To: Tejun Heo <htejun@gmail.com>
Cc: Alex Chiang <achiang@hp.com>,
greg@kroah.com, cornelia.huck@de.ibm.com,
stern@rowland.harvard.edu, kay.sievers@vrfy.org,
rusty@rustcorp.com.au, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 0/3] sysfs: allow suicide
Date: Wed, 25 Mar 2009 20:05:24 -0700 [thread overview]
Message-ID: <m163hxrnkb.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <49CADB45.3090501@gmail.com> (Tejun Heo's message of "Thu\, 26 Mar 2009 10\:32\:53 +0900")
Tejun Heo <htejun@gmail.com> writes:
> Thanks for the points. I do agree that it could be a bit too clever,
> but the thing is that protecting the code area from going underneath
> something is a pretty special thing to begin with and I think it's
> better to apply special solution rather than trying to work around it
> using general mechanisms. So, I actually think the global inhibit
> thing is one of the better ways to deal with the nasty-in-nature
> problem.
Protecting the data structures from going away is just as important,
and the module_inhibit does not address that.
When I looked at it I could not see any touches of kobj in the sysfs
code after we dropped the reference count in a strange place, but
I haven't been able to convince myself that we will be safe.
>>>> My hypothesis is once we solve this for the general case of
>>>> device hotplug and removal we won't need special support from
>>>> sysfs. At least not in the suicidal way.
>>> I agree that we have problems in our infrastructure, especially,
>>> as you point out, overlapping device trees, etc.
>
> I don't really see how some grand general solution would solve
> deadlock problem at sysfs layer, care to elaborate a bit?
See below. I'm really not thinking of doing anything different
just putting the code somewhere different that sysfs.
>>> I see your point about adding extra cruft into sysfs to work
>>> around a special case while leaving the hard problem unsolved.
>>>
>>> Perhaps the status quo is better. I do think that getting
>>> suicidal sysfs attributes off the global workqueue is a band-aid
>>> that actually helps, vs. the proposed patches here which are
>>> questionable in nature.
>>
>> Sounds like it. I'm not trying to shoot this down, rather
>> I'm trying to figure out how to solve this cleanly, as I am slowly
>> trying to sort out the pci hotplug and unplug issues.
>
> The problem I see is that there aren't too many users and the solution
> is a bit too narrow focused, but with increasing support for
> hotplug/unplug, I think the problem is becoming more widespread and
> the workqueue solution is quite fragile and cumbersome for each and
> every user, so unless there are other directions we can pursue (the
> general one above maybe?), I think it's better to add a bit of
> complexity to sysfs rather than forcing everyone user of it to do it.
My view is that this is a general hotplug problem and not a sysfs problem.
Further I see inhibiting module reload as only solving have the problem
as dropping the kobject reference opens a window to a use after free on
the kobj.
The problem that I see is that we are missing support from the device
model for hotunplug. Running the device remove method from process
context is required. Typically hotplug controllers discover a
device has been removed or will be removed in interrupt context.
Therefore every hotplug driver I have looked at has it's own workqueue
to solve the problem of getting the notification of a hotplug event
from an inappropriate context.
So the general problem that I see is that I need a solution to trigger
a remove from interrupt context and that same solution will happen to
work just fine for sysfs.
Eric
next prev parent reply other threads:[~2009-03-26 3:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-25 4:16 [RFC PATCH 0/3] sysfs: allow suicide Alex Chiang
2009-03-25 4:16 ` [RFC PATCH 1/3] sysfs: make the sysfs_addrm_cxt->removed list FIFO Alex Chiang
2009-03-25 4:16 ` [RFC PATCH 2/3] sysfs: add blocking notifier to prohibit module unload Alex Chiang
2009-03-25 4:17 ` [RFC PATCH 3/3] sysfs: care-free suicide for sysfs files Alex Chiang
2009-03-26 5:24 ` Tejun Heo
2009-03-25 5:54 ` [RFC PATCH 0/3] sysfs: allow suicide Eric W. Biederman
2009-03-25 22:54 ` Alex Chiang
2009-03-26 0:42 ` Eric W. Biederman
2009-03-26 1:26 ` Alex Chiang
2009-03-26 2:41 ` Eric W. Biederman
2009-03-26 1:32 ` Tejun Heo
2009-03-26 3:05 ` Eric W. Biederman [this message]
2009-03-26 3:36 ` Tejun Heo
2009-03-26 14:21 ` Alan Stern
2009-03-26 14:56 ` Cornelia Huck
2009-03-25 14:45 ` Alan Stern
2009-03-25 23:03 ` Alex Chiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m163hxrnkb.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=achiang@hp.com \
--cc=cornelia.huck@de.ibm.com \
--cc=greg@kroah.com \
--cc=htejun@gmail.com \
--cc=kay.sievers@vrfy.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox