Re: [PATCHSET #master] sysfs: make sysfs disconnect immediately ondeletion, take 2

From: Tejun Heo
Date: Tue Apr 17 2007 - 08:42:52 EST

Next message: Pavel Emelianov: "[PATCH] Show slab memory usage on OOM and SysRq-M"
Previous message: Francis Moreau: "Re: [CRYPTO] is it really optimized ?"
In reply to: Tejun Heo: "Re: [PATCHSET #master] sysfs: make sysfs disconnect immediately ondeletion, take 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Maneesh Soni wrote:
> I started looking at these patches and parallely also did some testing on a
> 8 CPU system. I am using the patches from Greg's tree at
> http://www.kernel.org/pub/scm/linux/kernel/git/gregkh/patches.git/
>
> I ran following loops parallelly
>
> # while true; do insmod drivers/net/dummy.ko; sleep 1;rmmod dummy; done
> # while true; do find /sys/class/net/dummy0 | xargs cat; sleep 1; done
> # while true; do umount /sys; sleep 1; mount -t sysfs none /sys; done
> # while true; do find /sys | xargs cat > /dev/null; sleep 1; done
>
> and got the following oops
>
> Unable to handle kernel NULL pointer dereference at 000000000000004c RIP:
> [<ffffffff802935b4>] simple_unlink+0x14/0x5c
> PGD 21955c067 PUD 215b52067 PMD 0
> Oops: 0002 [1] SMP
> CPU 6
> Modules linked in: dummy i2c_dev i2c_core
> Pid: 21161, comm: rmmod Not tainted 2.6.21-rc6 #3
> RIP: 0010:[<ffffffff802935b4>] [<ffffffff802935b4>] simple_unlink+0x14/0x5c
> RSP: 0000:ffff81021b38be28 EFLAGS: 00010292

Okay, got it. The problem here is the race between dcache shrinking
triggered by umount and sysfs deletion. It seems to be introduced
when dentries for attr and symlink nodes are made unpinned.
sd->s_entry clearing is done without synchronization and
sysfs_drop_entry() ends up deleting already deleted dentry
(dentry->inode is NULL).

sd->s_entry is broken in other ways too. Consider the following
scenario.

thread shrinking dcache thread looking up sysfs entry
--------------------------------------------------------------------
1. sysfs dentry for A is chosen as
victim.
2. prune_one_dentry() drops the dentry
and calls dentry_iput().
3. dentry_iput() unlinks d_alias and
releases spin locks.
4. looks up dentry for A which
is not in dcache.
5. new dentry is created and
sysfs_lookup() is invoked,
which instantiates the dentry
and set sd->s_dentry to it.
6. sysfs_d_iput() is called.
BUG_ON(sd->s_dentry != dentry)
triggers and sd->s_dentry is
cleared. You're screwed.

I think it can be fixed by making deletion more like conventional
filesystem. Brewing a patch...

--
tejun
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Emelianov: "[PATCH] Show slab memory usage on OOM and SysRq-M"
Previous message: Francis Moreau: "Re: [CRYPTO] is it really optimized ?"
In reply to: Tejun Heo: "Re: [PATCHSET #master] sysfs: make sysfs disconnect immediately ondeletion, take 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]