Greg KH <[EMAIL PROTECTED]> wrote: > > > The problem shows up when a nonexistent symlink or file is deleted from a > > sysfs directory. The code does a name lookup, and since the name doesn't > > match an existing file a new dentry is created for it, increasing the > > directory's refcount by 1. That new dentry is released at the end of the > > unlink routine, but the release fails to decrement the directory's > > refcount. The dentry winds up on a LRU list and is still pointed at by > > the parent -- I don't know whether that's supposed to happen or not. > >
This is just a negative dentry isn't it? Cannot the same problem occur if a user performs a lookup for a non-existent file in that directory? > > The upshot is that the directory has this persistent dentry for a > > nonexistent file, so it doesn't get released, so it doesn't drop its > > reference to its kobject, so the kobject doesn't get released. > > Does this mean that an unprivileged user can open a file in that directory, keep it open indefinitely and hence cause khubd to hang? > > I observed this behavior in the SCSI system. When a SCSI device is added, > > a class_device directory is created for it under /sys/class/scsi_devices. > > The directory contains a "device" symlink but not a "driver" symlink. > > When the SCSI device is hot-unplugged, the class_device routines try to > > delete both symlinks and that triggers the problem. > > > > Alan Stern > > > > P.S.: I haven't gotten many comments regarding the questions raised at the > > start of this thread. Greg, have you had a chance to think through the > > alternatives? > > Yes, I agree there is a problem and can easily duplicate it, as can > Andrew and others. The simple patch that you sent me (and I've included > below does paper over the problem, but as you have just shown, this is > not the real problem. The real problem is the sysfs patch that went in. > > Andrew, here's the USB patch from Alan that will fix the issue right > now, but it's the incorrect fix, as we can cause oopses with it. > > Because of this, I'll send a patch next that backs Maneesh's patch out, > to solve the problem for now. Well, Maneesh's patch fixes kernel crashes... ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ [EMAIL PROTECTED] To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
