debugfs_remove() vs. anything that is dynamic
From: Johannes Berg
Date: Fri Apr 04 2008 - 10:29:40 EST
Consider the following trivial module:
--- %< ---
#include <linux/module.h>
#include <linux/debugfs.h>

static struct dentry *f;   /* the debugfs file created below */
static u32 tmp;            /* the variable the file exposes; lives in module memory */

static int __init mod_enter(void)
{
	/* Exposes &tmp as a debugfs file; debugfs keeps only the raw pointer. */
	f = debugfs_create_u32("tmp-test", 0666, NULL, &tmp);
	return 0;
}

static void __exit mod_leave(void)
{
	/* Removes the file, but does nothing about descriptors already open on it. */
	debugfs_remove(f);
}

module_init(mod_enter);
module_exit(mod_leave);
MODULE_LICENSE("GPL");
--- >% ---
How do I make that safe?
FWIW, the problem is:
thread 1                    thread 2
fd = open("tmp-test")
sleep(30);                  rmmod test-module
read(fd, buf, 100);
--> accesses now invalid memory because debugfs doesn't actually stop
you from accessing "&tmp" after debugfs_remove(). [yes, I actually
tested a variation of this where I dynamically allocated the 'tmp'
variable, I got the slab poison in my test program]
Personally, I tend to think this makes debugfs rather unusable in
modules and with anything that is dynamically allocated [1]. AFAICT
sysfs avoids this by having object lifetime imposed by sysfs, but
debugfs doesn't work that way.
What am I missing?
johannes
[1] which covers many many current users, it seems at least usbmon,
ohci/ehci/uhci-dbg, pktcdvd, fault injection code, blktrace and probably
more.
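A user-space model of the two lifetime policies contrasted in the post, added here as an illustration; it is not Johannes' module and not kernel code. It assumes only what the post states about debugfs (the open file keeps a raw pointer to the variable, and debugfs_remove() does not revoke descriptors that are already open) and models "rmmod" as overwriting the backing variable with the 0x6b slab-poison byte instead of freeing it, so the stale read stays defined behaviour and can be observed. The second half is the general reference-counted pattern (each open descriptor pins the object, removal only drops the creator's reference, and reads after removal fail with -ENODEV); it is written from scratch for this example and is not an existing debugfs or sysfs API. Names such as naive_open, rc_create and rc_released are invented for the demo.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte Linux slab debugging writes over freed objects (POISON_FREE). The naive
 * model writes it itself instead of freeing, so the stale read stays defined
 * behaviour and can be observed. */
#define POISON_BYTE 0x6b

/* ---- Naive model, as the post describes debugfs_create_u32(): the open file
 * keeps a raw pointer and nothing ties the variable's lifetime to it. ---- */
struct naive_file { uint32_t *data; };   /* an open fd's private data */
static uint32_t naive_storage;           /* stands in for the module's 'tmp' */

static struct naive_file naive_open(uint32_t init)
{
	struct naive_file f = { &naive_storage };
	naive_storage = init;
	return f;
}
/* debugfs_remove() + rmmod: the variable dies, the open fd is left as is. */
static void naive_remove(void) { memset(&naive_storage, POISON_BYTE, sizeof naive_storage); }
static uint32_t naive_read(struct naive_file f) { return *f.data; }

/* ---- Refcounted model (the "lifetime imposed by the filesystem" policy the
 * post attributes to sysfs, written from scratch here): every open fd holds a
 * reference, the object is released when the last one drops, and a removed
 * object answers -ENODEV instead of handing out stale data. ---- */
struct rc_obj {
	int refs;        /* creator's reference plus one per open fd */
	int removed;     /* set by rc_remove(); reads fail cleanly afterwards */
	uint32_t value;
};
struct rc_file { struct rc_obj *obj; };
static int rc_released;  /* objects whose refcount reached zero */

static struct rc_obj *rc_create(uint32_t init)
{
	struct rc_obj *o = calloc(1, sizeof *o);
	o->refs = 1;
	o->value = init;
	return o;
}
static void rc_put(struct rc_obj *o)
{
	if (--o->refs == 0) {
		memset(o, POISON_BYTE, sizeof *o);   /* what slab poisoning would do */
		free(o);
		rc_released++;
	}
}
static struct rc_file rc_open(struct rc_obj *o)
{
	struct rc_file f = { o };
	o->refs++;
	return f;
}
static int rc_read(struct rc_file f, uint32_t *out)
{
	if (f.obj->removed)
		return -ENODEV;   /* file gone: refuse instead of touching dead memory */
	*out = f.obj->value;
	return 0;
}
static void rc_close(struct rc_file f) { rc_put(f.obj); }
/* Creator drops its reference; memory survives while fds are still open. */
static void rc_remove(struct rc_obj *o)
{
	o->removed = 1;
	rc_put(o);
}

/* Replay the post's interleaving (open, then rmmod, then read) on each model. */
static uint32_t demo_naive(void)
{
	struct naive_file fd = naive_open(42);   /* thread 1: open("tmp-test") */
	naive_remove();                          /* thread 2: rmmod test-module */
	return naive_read(fd);                   /* thread 1: read() sees 0x6b6b6b6b */
}
static int demo_refcounted(void)
{
	uint32_t v = 0;
	rc_released = 0;
	struct rc_obj *o = rc_create(42);
	struct rc_file fd = rc_open(o);   /* thread 1: open */
	rc_remove(o);                     /* thread 2: rmmod; o->refs drops to 1 */
	int rc = rc_read(fd, &v);         /* thread 1: read -> -ENODEV, no stale access */
	rc_close(fd);                     /* last reference: only now is o released */
	return rc;
}

int main(void)
{
	printf("naive read after remove: %#x\n", demo_naive());
	int rc = demo_refcounted();
	printf("refcounted read after remove: %d, objects released: %d\n", rc, rc_released);
	return 0;
}
```

Build with `cc -Wall -o lifetime lifetime.c`. The demo is single-threaded and simply executes the post's interleaving in program order, which is enough to show the difference: with the raw-pointer policy the reader gets the poison pattern back, with the refcounted policy the reader gets an error and the object's memory is not released until the descriptor is closed.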