Re: [RFC] race in request_module()

Keith Owens (kaos@ocs.com.au)
Tue, 23 Apr 2002 13:45:33 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Miles Lane: "Re: 2.5.9 -- OOPS in IDE code (symbolic dump and boot log included)"
Previous message: Jesse Barnes: "Re: [RFC] patch to /proc/meminfo to display NUMA stats"
Maybe in reply to: Alexander Viro: "[RFC] race in request_module()"
Next in thread: Keith Owens: "Re: [RFC] race in request_module()"

On Mon, 22 Apr 2002 23:35:51 -0400 (EDT),
Alexander Viro <viro@math.psu.edu> wrote:
>On Tue, 23 Apr 2002, Keith Owens wrote:
>> When a module is loaded, it is marked !MOD_USED_ONCE. An explicit
>> rmmod will get rid of the module but rmmod -a will not. rmmod -a will
>> not remove a module unless __MOD_INC_USE_COUNT has been issued on the
>> module at least once, or the module is loaded to satisfy unresolved
>> symbols from another module.
>
>
>Which is still racy - open()/close() bringing stuff from the same module
>during the window in question and there we go.
>
>IOW, echo </dev/foo will merrily set MOD_USED_ONCE.

Where is the race?

open /dev/foo
request_module(foo)
load foo, mark !MOD_USED_ONCE.
continue with open, MOD_INC_USE_COUNT(foo), mark MOD_USED_ONCE.
return to use, module is locked down
User space closes /dev/foo
Release foo resources.
MOD_DEC_USE_COUNT(foo)
return to user space
rmmod -a cleans up. Nothing is using foo, it is removed.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Miles Lane: "Re: 2.5.9 -- OOPS in IDE code (symbolic dump and boot log included)"
Previous message: Jesse Barnes: "Re: [RFC] patch to /proc/meminfo to display NUMA stats"
Maybe in reply to: Alexander Viro: "[RFC] race in request_module()"
Next in thread: Keith Owens: "Re: [RFC] race in request_module()"