init_dev() is only called from tty_open() which is called under the BKL.
> Now, consider tty_unregister_driver(). This is normally called from
> a tty driver module's cleanup function. Also note that there are no
> locks here.
>
> Also consider tty_register_driver() and note, again, that there are
> no locks here.
Ok, there should be some kind of lock of the tty_drivers list, I agree.
But that doesn't pertain to this module reference counting patch, right?
> Checking kernel/module.c, the BKL isn't held when calling the module's
> init and cleanup functions.
Woah! Hm, this is going to cause lots of problems in drivers that have
been assuming that the BKL is grabbed during module unload, and during
open(). Hm, time to just fall back on the argument, "module unloading is
unsafe" :(
> So, all in all, we have a nice SMP race between loading tty driver
> modules, unloading tty driver modules, and getting reference counts
> on driver modules.
Yeah, you're right. But this isn't the only subsystem that now has this
race :(
I still think the original patch will help, and it will remove all of
the MOD_INC usages in tty drivers, which is a step in the right
direction.
So I'll send this to Linus, and we'll move on to the next locking mess
in here...
thanks,
greg k-h
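
Added example, not part of the original message and not kernel code: a userspace C model of the point agreed on above, where lookup, reference counting and unregistration of a driver list share one lock. All names (`struct drv`, `drv_get`, `drv_unregister`, and so on) are hypothetical, and the `atomic_flag` spinlock is an assumption standing in for whatever lock would protect tty_drivers.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>

/* Userspace model; every name here is hypothetical, not a kernel API. */
struct drv { int major; int refs; struct drv *next; };

static atomic_flag list_lock = ATOMIC_FLAG_INIT; /* stands in for a spinlock */
static struct drv *drivers;                      /* stands in for tty_drivers */

static void acquire(void) { while (atomic_flag_test_and_set(&list_lock)) ; }
static void release(void) { atomic_flag_clear(&list_lock); }

void drv_register(struct drv *d)
{
    acquire();
    d->refs = 0; d->next = drivers; drivers = d;
    release();
}

/* Lookup and pin in one critical section: the entry cannot be unlinked
 * between being found and being referenced. */
struct drv *drv_get(int major)
{
    struct drv *d;
    acquire();
    for (d = drivers; d; d = d->next)
        if (d->major == major) { d->refs++; break; }
    release();
    return d;
}

void drv_put(struct drv *d) { acquire(); d->refs--; release(); }

/* Refuses to unlink while an opener still holds a reference. */
int drv_unregister(struct drv *d)
{
    int ret = -ENOENT;
    acquire();
    for (struct drv **pp = &drivers; *pp; pp = &(*pp)->next) {
        if (*pp != d) continue;
        ret = d->refs ? -EBUSY : 0;
        if (!ret) *pp = d->next;
        break;
    }
    release();
    return ret;
}
```

Without the shared lock, an opener could find an entry in the list and take its reference after the unregister path had already decided the driver was unused.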