On Thu, 16 Nov 2000, Dan Aloni wrote:
> On Thu, 16 Nov 2000, Linus Torvalds wrote:
>
> > On Thu, 16 Nov 2000, Dan Aloni wrote:
> > >
> > > Makes procfs use an atomic use count for dir entries, to avoid using
> > > the Big kernel lock. Axboe says it looks ok.
> >
> > There's a race there. Look at what happens if de_put() races with
> > remove_proc_entry(): we'd do free_proc_entry() twice. Not good.
> >
> > Leave the kernel lock for now.
>
> Is this particular kernel lock helps anyway? We could have been half way
> through remove_proc_entry(), line 569, for example, while in the same time
> another thread enters de_put when the use count is 1 and frees the entry
> while the other thread is locked just before dereferencing the entry.
After reading the code more, I have realized we have a very narrowed race
condition, which can be eliminated if we do this (in remove_proc_entry()):
--- linux/fs/proc/generic.c Fri Nov 17 10:17:33 2000
+++ linux/fs/proc/generic.c Fri Nov 17 10:17:50 2000
@@ -573,10 +573,10 @@
(void *) proc_alloc_map);
proc_kill_inodes(de);
de->nlink = 0;
- de->deleted = 1;
if (!atomic_read(&de->count))
free_proc_entry(de);
else {
+ de->deleted = 1;
printk("remove_proc_entry: %s/%s busy, count=%d\n",
parent->name, de->name, atomic_read(&de->count));
}
Since de_put() only frees entries with deleted != 0, and deleted is only
set to 1 inside remove_proc_entry(), with this patch, there is no way
free_proc_entry() will be called from de_put(), while remove_proc_entry()
is about to free or is freeing the entry. After that 'de->delete = 1', the
proc entry is no longer in the proc entry tree, and a second call to
remove_proc_entry() won't find it at all, and leave it safe for
de_put() to handle.
-- Dan Aloni dax@karrde.org- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:12 EST