On Wed, 31 Mar 2004, Maneesh Soni wrote: > For convenience I will explain the race here.. > > cpu 0 cpu 1 > kobject_unregister() sysfs_open_file() > kobject_del() check_perm() > sysfs_remove_dir() : > (dentry remains alive due to ref. taken : > on the way to sysfs_open_file) : > kobject_put() : > kobject_cleanup() kobject_get(->d_fsdata) > > cpu 1 could end up referring to a freed kobject through dentry->d_fsdata or > starts spitting Badness in kobject_get at lib/kobject.c:429. For triggering > this race try running these two loops simultaneously on SMP > > # while true; do insmod drivers/net/dummy.ko; rmmod dummy; done > # while true; do find /sys/class/net | xargs cat; done > > Probably it can be solved by making sure that when sysfs file is > opened/read/written some _race_ free check is done and fail if kobject if gone. > > Maneesh
Here's a suggestion. At the start of check_perm() grab the dentry semaphore, then check whether d_fsdata is NULL, if it isn't then do the kobject_get(), then unlock the semaphore. Alan Stern ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ [EMAIL PROTECTED] To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
