LKML Archive on
help / color / mirror / Atom feed
From: Tejun Heo <>
To: Alan Stern <>
Cc: Christoph Hellwig <>,
	Bart Van Assche <>,
	James Bottomley <>,
	Hannes Reinecke <>,
	"" <>,
	Greg Kroah-Hartman <>,
	Kernel development list <>
Subject: Re: sysfs methods can race with ->remove
Date: Thu, 15 Jan 2015 14:40:31 -0500	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

Hello, Alan.

On Thu, Jan 15, 2015 at 01:22:03PM -0500, Alan Stern wrote:
> > It has a reference to keep it from beeing freed, but so far I can't find
> > anything that prevents ->remove from beeing called while we are in or
> > just before a method call.
> There are two types of methods to think about: Those registered by the 
> subsystem and those registered by the driver.
> If a method is registered by the driver, then the driver will
> unregister it when the ->remove routine runs.  I don't know for
> certain, but I would expect that the sysfs/kernfs core will make sure
> that any existing method calls complete before unregister returns.  
> This would prevent races.

Yes, attribute deletions are blocked till the on-going sysfs
read/write operations are finished and further rw accesses are failed.

> If a method is registered by the subsystem, and if the method runs 
> entirely within the subsystem's code, then ->remove doesn't matter.  
> The driver could be unbound while the method is running and it would be 
> okay.
> The only time we have a problem is when the method is registered by the 
> subsystem and the method calls into the driver.  (Note that this is 
> exactly what happens with scsi_rescan_device.)
> > > > But this seems like a more generic problem, and at least a quick glance at
> > > > the pci_driver methods seems like others don't have a good
> > > > synchroniation of ->remove against random driver methods.
> > > 
> > > Can you give one or two examples?
> > 
> > I look at the sriov_configure PCI method, or the various sub-methods
> > under pci_driver.err_handler.
> The sriov_numvfs_store method does have the same problem, and so does 
> the reset_store method (by way of pci_reset_function -> 
> pci_dev_save_and_disable -> pci_reset_notify).
> Tejun, is my analysis correct?  How should we fix these races?

I'm not really following what the actual problem case is, so SCSI
subsystem store methods are derefing dev->driver without synchronizing
against detach events?  If that's the case, the solution would be
synchronizing against attach/detach events?  Sorry if I'm being
totally idiotic.  I'm having a bit of hard time jumping right in.  :)



  reply	other threads:[~2015-01-15 19:40 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <>
     [not found] ` <>
2015-01-14  9:33   ` [PATCH for v3.19, v2] Avoid that sd_shutdown() triggers a kernel warning Christoph Hellwig
2015-01-14 15:07     ` Alan Stern
2015-01-15 16:06       ` Christoph Hellwig
2015-01-15 18:22         ` sysfs methods can race with ->remove Alan Stern
2015-01-15 19:40           ` Tejun Heo [this message]
2015-01-26 17:19             ` Christoph Hellwig
2015-01-26 18:38               ` Alan Stern
2015-01-20 15:11     ` [PATCH for v3.19, v2] Avoid that sd_shutdown() triggers a kernel warning Alan Stern

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \
    --subject='Re: sysfs methods can race with ->remove' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).