Re: 2.6.35-rc2 module reference counting broken

From: Al Viro
Date: Tue Jun 08 2010 - 19:48:28 EST


On Mon, Jun 07, 2010 at 07:44:12AM +0100, Al Viro wrote:
> On Mon, Jun 07, 2010 at 08:20:30AM +0300, Jari Ruusu wrote:
> > Someone broke block device module reference counting. Problem occurs when a
> > modular block device is mounted and unmounted. Not when it is directly read.
> > 2.6.34 kernel works OK, but 2.6.35-rc2 kernel seems to increase usage count
> > by one for each mount + umount pair.
>
> Very interesting... Looks like mount() bumps refcount by 2. umount() after
> that drops refcount by 1, so it's not leaking superblocks.
>
> Which probably means that open_bdev_exclusive() is fscked. Interesting...
> FWIW, quick look through the history seems to point to this:
> commit 6b4517a7913a09d3259bb1d21c9cb300f12294bd
> Author: Tejun Heo <tj@xxxxxxxxxx>
> Date: Wed Apr 7 18:53:59 2010 +0900
>
> block: implement bd_claiming and claiming block
>
> I'm far too sleepy right now, but I'd start with reviewing what that
> thing is doing to module refcounting...

Yeah... bd_start_claiming() grabs a reference to gendisk and we never
let it go. There's your leak...