Re: [PATCH] Kobjects: drop child->parent ref at unregistration
- From: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 26 Nov 2007 21:29:36 -0500 (EST)
On Mon, 26 Nov 2007, Andrew Morton wrote:
On Mon, 19 Nov 2007 10:53:40 -0500 (EST)
Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
This patch (as1015) reverts changes that were made to the driver core
about four years ago. The intent back then was to avoid certain kinds
of invalid memory accesses by leaving kernel objects allocated as long
as any of their children were still allocated. The original and
correct approach was to wait only as long as any children were still
_registered_; that's what this patch reinstates.
What happened with this?
As far as I know, it's on Greg's queue.
This fixes a problem in the SCSI core made visible by the class_device
to regular device conversion: A reference loop (scsi_device holds
reference to request_queue, which is the child of a gendisk, which is
the child of the scsi_device) prevents the data structures from being
released, even though they are deregistered okay.
It's possible that this change will cause a few bugs to surface,
things that have been hidden for several years. They can be fixed
easily enough by having the child device take an explicit reference to
the parent whenever needed.
How will such bugs manifest? Ideally via a nice printk and a stack trace
followed by damage avoidance.
They will manifest in the same way as any other use-after-free bug: an
oops message and either death of the current process or a system hang.
Obviously I'm not aware of any such bugs -- if I were, I'd fix them.
Greg has expressed concern that some USB serial drivers might have this
problem. I'll do what testing I can (not much because I don't have any
USB serial devices).
If it's via a mysterious crash or something similarly obscure then can we
improve that?
I can't think of anything offhand. Maybe someone else can.
Alan Stern
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- References:
- Re: [PATCH] Kobjects: drop child->parent ref at unregistration
- From: Andrew Morton
- Re: [PATCH] Kobjects: drop child->parent ref at unregistration
- Prev by Date: [Patch](Resend) mm/sparse.c: Improve the error handling for sparse_add_one_section()
- Next by Date: Re: [PATCHv4 5/6] Allow setting O_NONBLOCK flag for new sockets
- Previous by thread: Re: [PATCH] Kobjects: drop child->parent ref at unregistration
- Next by thread: Re: [PATCH] Kobjects: drop child->parent ref at unregistration
- Index(es):
Relevant Pages
|
