Re: module: fix module_refcount() return when running in a module exit routine

[Christoph Hellwig]

On Fri, Jan 23, 2015 at 10:42:47AM -0800, James Bottomley wrote:
> To that point, Rusty's patch just keeps the status quo in the new
> module_refcount() environment, so it's the quick bandaid.
> 
> I think the use case you're worrying about is what happens if someone
> tries to use a device after module removal begins executing but before
> the device has been deleted (say by opening it)?  We'll exit the device
> removal routines and then kill the module, because after the module code
> gets to ->exit(), nothing re-checks the module refcount, so the host
> module will get free'd while we're still using the device.
> 
> The fix for this seems to be to differentiate between special uses of
> scsi_get_device, which are allowed to get the device in the module exit
> routines and ordinary uses which aren't.  Something like this? (the
> patch isn't complete, but you get the idea).

Yes, that's exactly what I worry about.  But you're right, the patch
doesn't make anything worse compared to the 3.18 and earlier status quo.

So I think I'm fine with the __module_get patch (which I assume will go
through the module tree as well?), and I'll get back to my series to
unwind our bandaids back to the start for the proper fix.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/