Re: [PATCH] module: print module name on refcount error

From: Jean Delvare
Date: Mon Aug 28 2023 - 08:19:35 EST

Next message: Matthew Wilcox: "Re: [PATCH] vfs: use helpers for calling f_op->{read,write}_iter() in read_write.c"
Previous message: Matthew Wilcox: "Re: [PATCH v2] fs: clean up usage of noop_dirty_folio"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Luis, Michal,

On Wed, 26 Jul 2023 13:59:06 -0700, Luis Chamberlain wrote:
> On Mon, Jul 10, 2023 at 07:43:01AM +0200, Michal Hocko wrote:
> > On Fri 07-07-23 11:56:49, Luis Chamberlain wrote:
> > > On Mon, Jul 03, 2023 at 03:47:22PM +0200, Michal Hocko wrote:
> > > > On Fri 30-06-23 16:05:33, Luis Chamberlain wrote:
> > > > [...]
> > > > > What prevents code from racing the free with a random module_put()
> > > > > called by some other piece of code?
> > > >
> > > > Wouldn't be ref count a garbage already? How can you race when freeing
> > > > if module_put fail?
> > >
> > > It could yes, ie, so this risks at all being junk.
> >
> > Could you be more specific please? I still do not see a scenario where
> > module string name would be junk while refcount itself would be a valid
> > memory.
>
> That is true, but if refcount is invalid so will the memory for the
> string.

This isn't how I read the code, and this is exactly the reason why I
submitted this patch in the first place.

As far as I can see, there are 3 possibilities:

1* The refcount is correct, everything is fine.
2* The refcount is wrong (we are trying to put a ref which was never
taken), however the module wasn't unloaded yet, so the module name is
still readable.
3* The refcount is wrong and the module has already been unloaded. The
memory may have been reused already, so the module name can't be read.

My patch is only useful in case 2. Although it doesn't cover all cases,
I think it is relevant because unloading modules is something you
rarely do in production, so if the refcount goes wrong, we will almost
always be in case 2.

That being said, if you don't like my proposal for whatever reason, or
prefer addressing the issue in a different way, no problem at all.

> > It would likely be better to use refcount_t instead of atomic_t.
>
> Patches welcomed.

Michal, do I understand correctly that this would prevent the case our
customer had (too many gets), but won't make a difference for actual
too-many-puts situations?

--
Jean Delvare
SUSE L3 Support

Next message: Matthew Wilcox: "Re: [PATCH] vfs: use helpers for calling f_op->{read,write}_iter() in read_write.c"
Previous message: Matthew Wilcox: "Re: [PATCH v2] fs: clean up usage of noop_dirty_folio"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]