Re: [PATCHSET #master] sysfs: make sysfs disconnect immediately on deletion, take 2

Maneesh Soni wrote:
> I started looking at these patches and parallely also did some testing on a 
> 8 CPU system. I am using the patches from Greg's tree at
> http://www.kernel.org/pub/scm/linux/kernel/git/gregkh/patches.git/
> 
> I ran following loops parallelly
> 
> # while true; do insmod drivers/net/dummy.ko; sleep 1;rmmod dummy; done
> # while true; do find /sys/class/net/dummy0 | xargs cat; sleep 1; done
> # while true; do umount /sys; sleep 1; mount -t sysfs none /sys; done
> # while true; do find /sys | xargs cat > /dev/null; sleep 1; done
> 
> and got the following oops
> 
> Unable to handle kernel NULL pointer dereference at 000000000000004c RIP:
>  [<ffffffff802935b4>] simple_unlink+0x14/0x5c
> PGD 21955c067 PUD 215b52067 PMD 0
> Oops: 0002 [1] SMP
> CPU 6
> Modules linked in: dummy i2c_dev i2c_core
> Pid: 21161, comm: rmmod Not tainted 2.6.21-rc6 #3
> RIP: 0010:[<ffffffff802935b4>]  [<ffffffff802935b4>] simple_unlink+0x14/0x5c
> RSP: 0000:ffff81021b38be28  EFLAGS: 00010292

Okay, got it.  The problem here is the race between dcache shrinking
triggered by umount and sysfs deletion.  It seems to be introduced
when dentries for attr and symlink nodes are made unpinned.
sd->s_entry clearing is done without synchronization and
sysfs_drop_entry() ends up deleting already deleted dentry
(dentry->inode is NULL).

sd->s_entry is broken in other ways too.  Consider the following
scenario.

   thread shrinking dcache		thread looking up sysfs entry
  --------------------------------------------------------------------
1. sysfs dentry for A is chosen as
   victim.
2. prune_one_dentry() drops the dentry
   and calls dentry_iput().
3. dentry_iput() unlinks d_alias and
   releases spin locks.
					4. looks up dentry for A which
					   is not in dcache.
					5. new dentry is created and
					   sysfs_lookup() is invoked,
					   which instantiates the dentry
					   and set sd->s_dentry to it.
6. sysfs_d_iput() is called.
   BUG_ON(sd->s_dentry != dentry)
   triggers and sd->s_dentry is
   cleared.  You're screwed.

I think it can be fixed by making deletion more like conventional
filesystem.  Brewing a patch...

-- 
tejun
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • [PATCHSET #master] sysfs: make sysfs disconnect immediately on deletion, take 2
    • From: Tejun Heo <[email protected]>
  • Re: [PATCHSET #master] sysfs: make sysfs disconnect immediately on deletion, take 2
    • From: Maneesh Soni <[email protected]>

• Prev by Date: Re: [CRYPTO] is it really optimized ?
• Next by Date: [PATCH] Show slab memory usage on OOM and SysRq-M
• Previous by thread: Re: [PATCHSET #master] sysfs: make sysfs disconnect immediately on deletion, take 2
• Next by thread: Fw: Re: + add-locking-to-evdev.patch added to -mm tree
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]