Re: Module Refcount & Stuff mini-FAQ

• Next message: Rusty Russell: "[PATCH] module_param() 2/3"
• Previous message: Andi Kleen: "Re: uml-patch-2.5.49-1"
• In reply to: Rusty Russell: "Re: Module Refcount & Stuff mini-FAQ"
• Next in thread: Rusty Russell: "Re: Module Refcount & Stuff mini-FAQ"
• Reply: Rusty Russell: "Re: Module Refcount & Stuff mini-FAQ"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rusty Russell wrote:
> Yes, but between doing and undoing (in the failure path) someone has
> started using the module.

But how ? Don't we have only two ways of calling a module, i.e.
by symbol, or by callback ? All callbacks that might call a module
must be protected with try_module_get, right ? (*)

(*) Actually, if the registration can be revoked, and the
    deregistration function does properly synchronize with on-going
    callbacks, you shouldn't need try_module_get either. E.g.
    del_timer_sync doesn't need to know about module owners.

So, if you make try_module_get work during initialization, and
modules don't publish their symbols before initialization is done,
there should be no problem ?

> Given we have a method of isolating a module already, it seems logical
> to use it to prevent exactly this race.

But that's mainly the symbol-unload race, considering that any call
through a function pointer requires try_module_get anyway. Without
try_module_get, there would also be callback-unload races if
callback de-registration doesn't synchronize (e.g. del_timer
vs. del_timer_sync).

By the way, it's also not so nice that there can't be
callbacks at removal, e.g.

service_unregister(...)
{
        ...
        for_pending_requests(req) {
                ...
                if (try_module_get(req->owner))
                        req->fn(req,REQUEST_CANCELLED);
                else
                        printk(KERN_CRIT "we just dropped a request on the "
                          "floor, how nice\n");
                ...
        }
        ...
}

Calling this from the module removal function would be
perfectly safe.

Actually ... can't you allow modules to be called until the
cleanup function has returned ?

> Unfortunately my last attempt
> assumed noone did this, and broke IDE and SCSI (hence pissing
> *everyone* off 8).

Two in one strike ain't bad ;-) Maybe we can find something that
gets rid of that pesky NFS, too, e.g. by adding

#define while if /* enforce efficient programming practices */

to linux/kernel.h, or such ;-)

- Werner

-- 
  _________________________________________________________________________
 / Werner Almesberger, Buenos Aires, Argentina         wa@almesberger.net /
/_http://www.almesberger.net/____________________________________________/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Next message: Rusty Russell: "[PATCH] module_param() 2/3"
• Previous message: Andi Kleen: "Re: uml-patch-2.5.49-1"
• In reply to: Rusty Russell: "Re: Module Refcount & Stuff mini-FAQ"
• Next in thread: Rusty Russell: "Re: Module Refcount & Stuff mini-FAQ"
• Reply: Rusty Russell: "Re: Module Refcount & Stuff mini-FAQ"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Nov 30 2002 - 22:00:13 EST