Re: [PATCH] xen-blkback: prevent premature module unload

From: Roger Pau Monné
Date: Wed Dec 11 2019 - 08:55:46 EST


On Wed, Dec 11, 2019 at 01:27:42PM +0000, Durrant, Paul wrote:
> > -----Original Message-----
> > From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> > Sent: 11 December 2019 11:29
> > To: Durrant, Paul <pdurrant@xxxxxxxxxx>
> > Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx; linux-block@xxxxxxxxxxxxxxx; linux-
> > kernel@xxxxxxxxxxxxxxx; Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>;
> > Jens Axboe <axboe@xxxxxxxxx>
> > Subject: Re: [PATCH] xen-blkback: prevent premature module unload
> >
> > On Tue, Dec 10, 2019 at 02:53:05PM +0000, Paul Durrant wrote:
> > > Objects allocated by xen_blkif_alloc come from the 'blkif_cache' kmem
> > > cache. This cache is destoyed when xen-blkif is unloaded so it is
> > > necessary to wait for the deferred free routine used for such objects to
> > > complete. This necessity was missed in commit 14855954f636 "xen-blkback:
> > > allow module to be cleanly unloaded". This patch fixes the problem by
> > > taking/releasing extra module references in xen_blkif_alloc/free()
> > > respectively.
> > >
> > > Signed-off-by: Paul Durrant <pdurrant@xxxxxxxxxx>
> >
> > Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> >
> > One nit below.
> >
> > > ---
> > > Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> > > Cc: "Roger Pau Monné" <roger.pau@xxxxxxxxxx>
> > > Cc: Jens Axboe <axboe@xxxxxxxxx>
> > > ---
> > > drivers/block/xen-blkback/xenbus.c | 10 ++++++++++
> > > 1 file changed, 10 insertions(+)
> > >
> > > diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-
> > blkback/xenbus.c
> > > index e8c5c54e1d26..59d576d27ca7 100644
> > > --- a/drivers/block/xen-blkback/xenbus.c
> > > +++ b/drivers/block/xen-blkback/xenbus.c
> > > @@ -171,6 +171,15 @@ static struct xen_blkif *xen_blkif_alloc(domid_t
> > domid)
> > > blkif->domid = domid;
> > > atomic_set(&blkif->refcnt, 1);
> > > init_completion(&blkif->drain_complete);
> > > +
> > > + /*
> > > + * Because freeing back to the cache may be deferred, it is not
> > > + * safe to unload the module (and hence destroy the cache) until
> > > + * this has completed. To prevent premature unloading, take an
> > > + * extra module reference here and release only when the object
> > > + * has been free back to the cache.
> > ^ freed
>
> Oh yes. Can this be done on commit, or would you like me to send a v2?

Adjusting on commit would be fine for me, but it's up to Juergen since
he is the one that will pick this up. IIRC the module unload patches
didn't go through the block subsystem.

Thanks, Roger.