[dm-devel] kobject: provide kobject_put_wait to fix module unload race

Mike Snitzer snitzer at redhat.com
Tue Jan 7 19:19:10 UTC 2014


On Tue, Jan 07 2014 at  1:00pm -0500,
Mikulas Patocka <mpatocka at redhat.com> wrote:

> 
> 
> On Tue, 7 Jan 2014, Linus Torvalds wrote:
> 
> > This looks completely broken to me. You do a "kobject_put()" and then
> > after you've dropped that last use, you wait for the completion of
> > something that may already have been free'd.
> > 
> > Wtf? Am I missing something?
> > 
> >                Linus
> 
> It is correct. The release method dm_kobject_release doesn't free the 
> kobject. It just signals the completion and returns.
> 
> This is the sequence of operations:
> * call kobject_put
> * wait until all users stop using the kobject, when it happens the release 
>   method is called
> * the release method signals the completion and returns
> * the unload code that waits on the completion continues
> * the unload code frees the mapped_device structure that contains the 
>   kobject
> 
> Using kobject this way avoids the module unload race that was mentioned at 
> the beginning of this thread.

I've staged your patch in linux-next for 3.14, see:
http://git.kernel.org/cgit/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=for-next&id=af7b1e5c767fc895788c971c8f4686402ac8344f




More information about the dm-devel mailing list