[dm-devel] kobject: provide kobject_put_wait to fix module unload race
Mike Snitzer
snitzer at redhat.com
Tue Jan 7 19:19:10 UTC 2014
On Tue, Jan 07 2014 at 1:00pm -0500,
Mikulas Patocka <mpatocka at redhat.com> wrote:
>
>
> On Tue, 7 Jan 2014, Linus Torvalds wrote:
>
> > This looks completely broken to me. You do a "kobject_put()" and then
> > after you've dropped that last use, you wait for the completion of
> > something that may already have been free'd.
> >
> > Wtf? Am I missing something?
> >
> > Linus
>
> It is correct. The release method dm_kobject_release doesn't free the
> kobject. It just signals the completion and returns.
>
> This is the sequence of operations:
> * call kobject_put
> * wait until all users stop using the kobject, when it happens the release
> method is called
> * the release method signals the completion and returns
> * the unload code that waits on the completion continues
> * the unload code frees the mapped_device structure that contains the
> kobject
>
> Using kobject this way avoids the module unload race that was mentioned at
> the beginning of this thread.
I've staged your patch in linux-next for 3.14, see:
http://git.kernel.org/cgit/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=for-next&id=af7b1e5c767fc895788c971c8f4686402ac8344f
More information about the dm-devel
mailing list