1. 08 Dec, 2018 1 commit
  2. 01 May, 2018 1 commit
    • Dmitry Vyukov's avatar
      kobject: don't use WARN for registration failures · 6ab44135
      Dmitry Vyukov authored
      commit 3e14c6abbfb5c94506edda9d8e2c145d79375798 upstream.
      
      This WARNING proved to be noisy. The function still returns an error
      and callers should handle it. That's how most of kernel code works.
      Downgrade the WARNING to pr_err() and leave WARNINGs for kernel bugs.
      Signed-off-by: 's avatarDmitry Vyukov <dvyukov@google.com>
      Reported-by: syzbot+209c0f67f99fec8eb14b@syzkaller.appspotmail.com
      Reported-by: syzbot+7fb6d9525a4528104e05@syzkaller.appspotmail.com
      Reported-by: syzbot+2e63711063e2d8f9ea27@syzkaller.appspotmail.com
      Reported-by: syzbot+de73361ee4971b6e6f75@syzkaller.appspotmail.com
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6ab44135
  3. 10 Feb, 2016 1 commit
  4. 07 Nov, 2015 1 commit
    • Rasmus Villemoes's avatar
      lib/kobject.c: use kvasprintf_const for formatting ->name · f773f32d
      Rasmus Villemoes authored
      Sometimes kobject_set_name_vargs is called with a format string conaining
      no %, or a format string of precisely "%s", where the single vararg
      happens to point to .rodata.  kvasprintf_const detects these cases for us
      and returns a copy of that pointer instead of duplicating the string, thus
      saving some run-time memory.  Otherwise, it falls back to kvasprintf.  We
      just need to always deallocate ->name using kfree_const.
      
      Unfortunately, the dance we need to do to perform the '/' -> '!'
      sanitization makes the resulting code rather ugly.
      
      I instrumented kstrdup_const to provide some statistics on the memory
      saved, and for me this gave an additional ~14KB after boot (306KB was
      already saved; this patch bumped that to 320KB).  I have
      KMALLOC_SHIFT_LOW==3, and since 80% of the kvasprintf_const hits were
      satisfied by an 8-byte allocation, the 14K would roughly be quadrupled
      when KMALLOC_SHIFT_LOW==5.  Whether these numbers are sufficient to
      justify the ugliness I'll leave to others to decide.
      Signed-off-by: 's avatarRasmus Villemoes <linux@rasmusvillemoes.dk>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: 's avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
      f773f32d
  5. 04 Oct, 2015 1 commit
  6. 17 Jul, 2015 1 commit
    • Nicolas Iooss's avatar
      include, lib: add __printf attributes to several function prototypes · 8db14860
      Nicolas Iooss authored
      Using __printf attributes helps to detect several format string issues
      at compile time (even though -Wformat-security is currently disabled in
      Makefile).  For example it can detect when formatting a pointer as a
      number, like the issue fixed in commit a3fa71c4 ("wl18xx: show
      rx_frames_per_rates as an array as it really is"), or when the arguments
      do not match the format string, c.f.  for example commit 5ce1aca8
      ("reiserfs: fix __RASSERT format string").
      
      To prevent similar bugs in the future, add a __printf attribute to every
      function prototype which needs one in include/linux/ and lib/.  These
      functions were mostly found by using gcc's -Wsuggest-attribute=format
      flag.
      Signed-off-by: 's avatarNicolas Iooss <nicolas.iooss_linux@m4x.org>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Felipe Balbi <balbi@ti.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: 's avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
      8db14860
  7. 26 Jun, 2015 1 commit
  8. 19 Jun, 2015 1 commit
  9. 25 Mar, 2015 1 commit
    • Ethan Zhao's avatar
      kobject: WARN as tip when call kobject_get() to a kobject not initialized · d82d54af
      Ethan Zhao authored
      call kobject_get() to kojbect that is not initalized or released will only
      leave following like call trace to us:
      
      -----------[ cut here ]------------
      [   54.545816] WARNING: CPU: 0 PID: 213 at include/linux/kref.h:47
      kobject_get+0x41/0x50()
      [   54.642595] Modules linked in: i2c_i801(+) mfd_core shpchp(+)
      acpi_cpufreq(+) edac_core ioatdma(+) xfs libcrc32c ast syscopyarea ixgbe
      sysfillrect sysimgblt sr_mod sd_mod drm_kms_helper igb mdio cdrom e1000e ahci
      dca ttm libahci uas drm i2c_algo_bit ptp megaraid_sas libata usb_storage
      i2c_core pps_core dm_mirror dm_region_hash dm_log dm_mod
      [   55.007264] CPU: 0 PID: 213 Comm: kworker/0:2 Not tainted
      3.18.5
      [   55.099970] Hardware name: Oracle Corporation SUN FIRE X4170 M2 SERVER
         /ASSY,MOTHERBOARD,X4170, BIOS 08120104 05/08/2012
      [   55.239736] Workqueue: kacpi_notify acpi_os_execute_deferred
      [   55.308598]  0000000000000000 00000000bd730b61 ffff88046742baf8
      ffffffff816b7edb
      [   55.398305]  0000000000000000 0000000000000000 ffff88046742bb38
      ffffffff81078ae1
      [   55.488040]  ffff88046742bbd8 ffff8806706b3000 0000000000000292
      0000000000000000
      [   55.577776] Call Trace:
      [   55.608228]  [<ffffffff816b7edb>] dump_stack+0x46/0x58
      [   55.670895]  [<ffffffff81078ae1>] warn_slowpath_common+0x81/0xa0
      [   55.743952]  [<ffffffff81078bfa>] warn_slowpath_null+0x1a/0x20
      [   55.814929]  [<ffffffff8130d0d1>] kobject_get+0x41/0x50
      [   55.878654]  [<ffffffff8153e955>] cpufreq_cpu_get+0x75/0xc0
      [   55.946528]  [<ffffffff8153f37e>] cpufreq_update_policy+0x2e/0x1f0
      
      The above issue was casued by a race condition, if there is a WARN in
      kobject_get() of the kobject is not initialized, that would save us much
      time to debug it.
      Signed-off-by: 's avatarEthan Zhao <ethan.zhao@oracle.com>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d82d54af
  10. 07 Nov, 2014 1 commit
    • Pankaj Dubey's avatar
      kobject: fix NULL pointer derefernce in kobj_child_ns_ops · 41fb96a4
      Pankaj Dubey authored
      We will hit NULL pointer dereference if we call
      platform_device_register_simple or platform_device_add at very early
      stage. I have observed following crash when called platform_device_add
      from "init_irq" hook of machine_desc. This patch fixes this issue and
      let system handle this case gracefully instead of kernel panic.
      
      [0.000000] Unable to handle kernel NULL pointer dereference at
      virtual address 0000000c
      [0.000000] pgd = c0004000
      [0.000000] [0000000c] *pgd=00000000
      [0.000000] Internal error: Oops: 5 [#1] PREEMPT ARM
      [0.000000] Modules linked in:
      [0.000000] CPU: 0 PID: 0 Comm: swapper Tainted: G        W 3.17.0-rc6-00198-ga1603f1-dirty #319
      [0.000000] task: c05b23f0 ti: c05a8000 task.ti: c05a8000
      [0.000000] PC is at kobject_namespace+0x18/0x58
      [0.000000] LR is at kobject_add_internal+0x90/0x2ec
      [snip]
      [0.000000] [<c01b1df0>] (kobject_namespace) from [<c01b2338>] (kobject_add_internal+0x90/0x2ec)
      [0.000000] [<c01b2338>] (kobject_add_internal) from [<c01b2728>] (kobject_add+0x4c/0x98)
      [0.000000] [<c01b2728>] (kobject_add) from [<c0226274>] (device_add+0xe8/0x51c)
      [0.000000] [<c0226274>] (device_add) from [<c0229c70>] (platform_device_add+0xb4/0x214)
      [0.000000] [<c0229c70>] (platform_device_add) from [<c022a338>] (platform_device_register_full+0xb8/0xdc)
      [0.000000] [<c022a338>] (platform_device_register_full) from [<c0570214>] (exynos_init_irq+0x90/0x9c)
      [0.000000] [<c0570214>] (exynos_init_irq) from [<c056c18c>] (init_IRQ+0x2c/0x78)
      [0.000000] [<c056c18c>] (init_IRQ) from [<c0569a54>] (start_kernel+0x22c/0x378)
      [0.000000] [<c0569a54>] (start_kernel) from [<40008070>] (0x40008070)
      [0.000000] Code: e590000c e3500000 0a00000e e5903014 (e593300c)
      Signed-off-by: 's avatarPankaj Dubey <pankaj.dubey@samsung.com>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      41fb96a4
  11. 08 Feb, 2014 1 commit
    • Tejun Heo's avatar
      sysfs, kobject: add sysfs wrapper for kernfs_enable_ns() · fa4cd451
      Tejun Heo authored
      Currently, kobject is invoking kernfs_enable_ns() directly.  This is
      fine now as sysfs and kernfs are enabled and disabled together.  If
      sysfs is disabled, kernfs_enable_ns() is switched to dummy
      implementation too and everything is fine; however, kernfs will soon
      have its own config option CONFIG_KERNFS and !SYSFS && KERNFS will be
      possible, which can make kobject call into non-dummy
      kernfs_enable_ns() with NULL kernfs_node pointers leading to an oops.
      
      Introduce sysfs_enable_ns() which is a wrapper around
      kernfs_enable_ns() so that it can be made a noop depending only on
      CONFIG_SYSFS regardless of the planned CONFIG_KERNFS.
      Signed-off-by: 's avatarTejun Heo <tj@kernel.org>
      Reported-by: 's avatarFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      fa4cd451
  12. 28 Jan, 2014 1 commit
  13. 08 Jan, 2014 1 commit
  14. 05 Jan, 2014 1 commit
  15. 11 Dec, 2013 1 commit
    • Tejun Heo's avatar
      kernfs: s/sysfs_dirent/kernfs_node/ and rename its friends accordingly · 324a56e1
      Tejun Heo authored
      kernfs has just been separated out from sysfs and we're already in
      full conflict mode.  Nothing can make the situation any worse.  Let's
      take the chance to name things properly.
      
      This patch performs the following renames.
      
      * s/sysfs_elem_dir/kernfs_elem_dir/
      * s/sysfs_elem_symlink/kernfs_elem_symlink/
      * s/sysfs_elem_attr/kernfs_elem_file/
      * s/sysfs_dirent/kernfs_node/
      * s/sd/kn/ in kernfs proper
      * s/parent_sd/parent/
      * s/target_sd/target/
      * s/dir_sd/parent/
      * s/to_sysfs_dirent()/rb_to_kn()/
      * misc renames of local vars when they conflict with the above
      
      Because md, mic and gpio dig into sysfs details, this patch ends up
      modifying them.  All are sysfs_dirent renames and trivial.  While we
      can avoid these by introducing a dummy wrapping struct sysfs_dirent
      around kernfs_node, given the limited usage outside kernfs and sysfs
      proper, I don't think such workaround is called for.
      
      This patch is strictly rename only and doesn't introduce any
      functional difference.
      
      - mic / gpio renames were missing.  Spotted by kbuild test robot.
      Signed-off-by: 's avatarTejun Heo <tj@kernel.org>
      Cc: Neil Brown <neilb@suse.de>
      Cc: Linus Walleij <linus.walleij@linaro.org>
      Cc: Ashutosh Dixit <ashutosh.dixit@intel.com>
      Cc: kbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      324a56e1
  16. 09 Dec, 2013 1 commit
  17. 08 Dec, 2013 2 commits
  18. 30 Nov, 2013 1 commit
    • Tejun Heo's avatar
      sysfs, kernfs: introduce kernfs_create_dir[_ns]() · 93b2b8e4
      Tejun Heo authored
      Introduce kernfs interface to manipulate a directory which takes and
      returns sysfs_dirents.
      
      create_dir() is renamed to kernfs_create_dir_ns() and its argumantes
      and return value are updated.  create_dir() usages are replaced with
      kernfs_create_dir_ns() and sysfs_create_subdir() usages are replaced
      with kernfs_create_dir().  Dup warnings are handled explicitly by
      sysfs users of the kernfs interface.
      
      sysfs_enable_ns() is renamed to kernfs_enable_ns().
      
      This patch doesn't introduce any behavior changes.
      
      v2: Dummy implementation for !CONFIG_SYSFS updated to return -ENOSYS.
      
      v3: kernfs_enable_ns() added.
      
      v4: Refreshed on top of "sysfs: drop kobj_ns_type handling, take #2"
          so that this patch removes sysfs_enable_ns().
      Signed-off-by: 's avatarTejun Heo <tj@kernel.org>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      93b2b8e4
  19. 27 Nov, 2013 1 commit
    • Tejun Heo's avatar
      sysfs: drop kobj_ns_type handling, take #2 · c84a3b27
      Tejun Heo authored
      The way namespace tags are implemented in sysfs is more complicated
      than necessary.  As each tag is a pointer value and required to be
      non-NULL under a namespace enabled parent, there's no need to record
      separately what type each tag is.  If multiple namespace types are
      needed, which currently aren't, we can simply compare the tag to a set
      of allowed tags in the superblock assuming that the tags, being
      pointers, won't have the same value across multiple types.
      
      This patch rips out kobj_ns_type handling from sysfs.  sysfs now has
      an enable switch to turn on namespace under a node.  If enabled, all
      children are required to have non-NULL namespace tags and filtered
      against the super_block's tag.
      
      kobject namespace determination is now performed in
      lib/kobject.c::create_dir() making sysfs_read_ns_type() unnecessary.
      The sanity checks are also moved.  create_dir() is restructured to
      ease such addition.  This removes most kobject namespace knowledge
      from sysfs proper which will enable proper separation and layering of
      sysfs.
      
      This is the second try.  The first one was cb26a311 ("sysfs: drop
      kobj_ns_type handling") which tried to automatically enable namespace
      if there are children with non-NULL namespace tags; however, it was
      broken for symlinks as they should inherit the target's tag iff
      namespace is enabled in the parent.  This led to namespace filtering
      enabled incorrectly for wireless net class devices through phy80211
      symlinks and thus network configuration failure.  a1212d27
      ("Revert "sysfs: drop kobj_ns_type handling"") reverted the commit.
      
      This shouldn't introduce any behavior changes, for real.
      
      v2: Dummy implementation of sysfs_enable_ns() for !CONFIG_SYSFS was
          missing and caused build failure.  Reported by kbuild test robot.
      Signed-off-by: 's avatarTejun Heo <tj@kernel.org>
      Reported-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Kay Sievers <kay@vrfy.org>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: kbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c84a3b27
  20. 07 Nov, 2013 1 commit
    • Linus Torvalds's avatar
      Revert "sysfs: drop kobj_ns_type handling" · a1212d27
      Linus Torvalds authored
      This reverts commit cb26a311.
      
      It mysteriously causes NetworkManager to not find the wireless device
      for me.  As far as I can tell, Tejun *meant* for this commit to not make
      any semantic changes, but there clearly are some.  So revert it, taking
      into account some of the calling convention changes that happened in
      this area in subsequent commits.
      
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
      a1212d27
  21. 11 Oct, 2013 1 commit
  22. 10 Oct, 2013 1 commit
  23. 03 Oct, 2013 1 commit
    • Tejun Heo's avatar
      kobject: grab an extra reference on kobject->sd to allow duplicate deletes · 26ea12de
      Tejun Heo authored
      sysfs currently has a rather weird behavior regarding removals.  A
      directory removal would delete all files directly under it but
      wouldn't recurse into subdirectories, which, while a bit inconsistent,
      seems to make sense at the first glance as each directory is
      supposedly associated with a kobject and each kobject can take care of
      the directory deletion; however, this doesn't really hold as we have
      groups which can be directories without a kobject associated with it
      and require explicit deletions.
      
      We're in the process of separating out sysfs from kboject / driver
      core and want a consistent behavior.  A removal should delete either
      only the specified node or everything under it.  I think it is helpful
      to support recursive atomic removal and later patches will implement
      it.
      
      Such change means that a sysfs_dirent associated with kobject may be
      deleted before the kobject itself is removed if one of its ancestor
      gets removed before it.  As sysfs_remove_dir() puts the base ref, we
      may end up with dangling pointer on descendants.  This can be solved
      by holding an extra reference on the sd from kobject.
      
      Acquire an extra reference on the associated sysfs_dirent on directory
      creation and put it after removal.
      Signed-off-by: 's avatarTejun Heo <tj@kernel.org>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      26ea12de
  24. 27 Sep, 2013 1 commit
  25. 26 Sep, 2013 4 commits
    • Jeff Mahoney's avatar
      kobject: introduce kobj_completion · eee03164
      Jeff Mahoney authored
      A common way to handle kobject lifetimes in embedded in objects with
      different lifetime rules is to pair the kobject with a struct completion.
      
      This introduces a kobj_completion structure that can be used in place
      of the pairing, along with several convenience functions for
      initialization, release, and put-and-wait.
      Signed-off-by: 's avatarJeff Mahoney <jeffm@suse.com>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      eee03164
    • Tejun Heo's avatar
      sysfs: drop kobj_ns_type handling · cb26a311
      Tejun Heo authored
      The way namespace tags are implemented in sysfs is more complicated
      than necessary.  As each tag is a pointer value and required to be
      non-NULL under a namespace enabled parent, there's no need to record
      separately what type each tag is or where namespace is enabled.
      
      If multiple namespace types are needed, which currently aren't, we can
      simply compare the tag to a set of allowed tags in the superblock
      assuming that the tags, being pointers, won't have the same value
      across multiple types.  Also, whether to filter by namespace tag or
      not can be trivially determined by whether the node has any tagged
      children or not.
      
      This patch rips out kobj_ns_type handling from sysfs.  sysfs no longer
      cares whether specific type of namespace is enabled or not.  If a
      sysfs_dirent has a non-NULL tag, the parent is marked as needing
      namespace filtering and the value is tested against the allowed set of
      tags for the superblock (currently only one but increasing this number
      isn't difficult) and the sysfs_dirent is ignored if it doesn't match.
      
      This removes most kobject namespace knowledge from sysfs proper which
      will enable proper separation and layering of sysfs.  The namespace
      sanity checks in fs/sysfs/dir.c are replaced by the new sanity check
      in kobject_namespace().  As this is the only place ktype->namespace()
      is called for sysfs, this doesn't weaken the sanity check
      significantly.  I omitted converting the sanity check in
      sysfs_do_create_link_sd().  While the check can be shifted to upper
      layer, mistakes there are well contained and should be easily visible
      anyway.
      Signed-off-by: 's avatarTejun Heo <tj@kernel.org>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Kay Sievers <kay@vrfy.org>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cb26a311
    • Tejun Heo's avatar
      sysfs: remove ktype->namespace() invocations in directory code · e34ff490
      Tejun Heo authored
      For some unrecognizable reason, namespace information is communicated
      to sysfs through ktype->namespace() callback when there's *nothing*
      which needs the use of a callback.  The whole sequence of operations
      is completely synchronous and sysfs operations simply end up calling
      back into the layer which just invoked it in order to find out the
      namespace information, which is completely backwards, obfuscates
      what's going on and unnecessarily tangles two separate layers.
      
      This patch doesn't remove ktype->namespace() but shifts its handling
      to kobject layer.  We probably want to get rid of the callback in the
      long term.
      
      This patch adds an explicit param to sysfs_{create|rename|move}_dir()
      and renames them to sysfs_{create|rename|move}_dir_ns(), respectively.
      ktype->namespace() invocations are moved to the calling sites of the
      above functions.  A new helper kboject_namespace() is introduced which
      directly tests kobj_ns_type_operations->type which should give the
      same result as testing sysfs_fs_type(parent_sd) and returns @kobj's
      namespace tag as necessary.  kobject_namespace() is extern as it will
      be used from another file in the following patches.
      
      This patch should be an equivalent conversion without any functional
      difference.
      Signed-off-by: 's avatarTejun Heo <tj@kernel.org>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Kay Sievers <kay@vrfy.org>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e34ff490
    • Eric W. Biederman's avatar
      sysfs: Allow mounting without CONFIG_NET · 667b4102
      Eric W. Biederman authored
      In kobj_ns_current_may_mount the default should be to allow the
      mount.  The test is only for a single kobj_ns_type at a time, and unless
      there is a reason to prevent it the mounting sysfs should be allowed.
      Subsystems that are not registered can't have are not involved so can't
      have a reason to prevent mounting sysfs.
      
      This is a bug-fix to:
          commit 7dc5dbc8
          Author: Eric W. Biederman <ebiederm@xmission.com>
          Date:   Mon Mar 25 20:07:01 2013 -0700
      
              sysfs: Restrict mounting sysfs
      
              Don't allow mounting sysfs unless the caller has CAP_SYS_ADMIN rights
              over the net namespace.  The principle here is if you create or have
              capabilities over it you can mount it, otherwise you get to live with
              what other people have mounted.
      
              Instead of testing this with a straight forward ns_capable call,
              perform this check the long and torturous way with kobject helpers,
              this keeps direct knowledge of namespaces out of sysfs, and preserves
              the existing sysfs abstractions.
      Acked-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: 's avatar"Eric W. Biederman" <ebiederm@xmission.com>
      
      That came in via the userns tree during the 3.12 merge window.
      Reported-by: 's avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: 's avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      667b4102
  26. 29 Aug, 2013 1 commit
    • Eric W. Biederman's avatar
      sysfs: Restrict mounting sysfs · 7dc5dbc8
      Eric W. Biederman authored
      Don't allow mounting sysfs unless the caller has CAP_SYS_ADMIN rights
      over the net namespace.  The principle here is if you create or have
      capabilities over it you can mount it, otherwise you get to live with
      what other people have mounted.
      
      Instead of testing this with a straight forward ns_capable call,
      perform this check the long and torturous way with kobject helpers,
      this keeps direct knowledge of namespaces out of sysfs, and preserves
      the existing sysfs abstractions.
      Acked-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: 's avatar"Eric W. Biederman" <ebiederm@xmission.com>
      7dc5dbc8
  27. 25 Jul, 2013 1 commit
    • Russell King's avatar
      kobject: delayed kobject release: help find buggy drivers · c817a67e
      Russell King authored
      Implement debugging for kobject release functions.  kobjects are
      reference counted, so the drop of the last reference to them is not
      predictable. However, the common case is for the last reference to be
      the kobject's removal from a subsystem, which results in the release
      function being immediately called.
      
      This can hide subtle bugs, which can occur when another thread holds a
      reference to the kobject at the same time that a kobject is removed.
      This results in the release method being delayed.
      
      In order to make these kinds of problems more visible, the following
      patch implements a delayed release; this has the effect that the
      release function will be out of order with respect to the removal of
      the kobject in the same manner that it would be if a reference was
      being held.
      
      This provides us with an easy way to allow driver writers to debug
      their drivers and fix otherwise hidden problems.
      Signed-off-by: 's avatarRussell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c817a67e
  28. 07 Jun, 2013 1 commit
  29. 07 May, 2013 1 commit
  30. 13 Apr, 2013 1 commit
    • Linus Torvalds's avatar
      kobject: fix kset_find_obj() race with concurrent last kobject_put() · a49b7e82
      Linus Torvalds authored
      Anatol Pomozov identified a race condition that hits module unloading
      and re-loading.  To quote Anatol:
      
       "This is a race codition that exists between kset_find_obj() and
        kobject_put().  kset_find_obj() might return kobject that has refcount
        equal to 0 if this kobject is freeing by kobject_put() in other
        thread.
      
        Here is timeline for the crash in case if kset_find_obj() searches for
        an object tht nobody holds and other thread is doing kobject_put() on
        the same kobject:
      
          THREAD A (calls kset_find_obj())     THREAD B (calls kobject_put())
          splin_lock()
                                               atomic_dec_return(kobj->kref), counter gets zero here
                                               ... starts kobject cleanup ....
                                               spin_lock() // WAIT thread A in kobj_kset_leave()
          iterate over kset->list
          atomic_inc(kobj->kref) (counter becomes 1)
          spin_unlock()
                                               spin_lock() // taken
                                               // it does not know that thread A increased counter so it
                                               remove obj from list
                                               spin_unlock()
                                               vfree(module) // frees module object with containing kobj
      
          // kobj points to freed memory area!!
          kobject_put(kobj) // OOPS!!!!
      
        The race above happens because module.c tries to use kset_find_obj()
        when somebody unloads module.  The module.c code was introduced in
        commit 6494a93d"
      
      Anatol supplied a patch specific for module.c that worked around the
      problem by simply not using kset_find_obj() at all, but rather than make
      a local band-aid, this just fixes kset_find_obj() to be thread-safe
      using the proper model of refusing the get a new reference if the
      refcount has already dropped to zero.
      
      See examples of this proper refcount handling not only in the kref
      documentation, but in various other equivalent uses of this pattern by
      grepping for atomic_inc_not_zero().
      
      [ Side note: the module race does indicate that module loading and
        unloading is not properly serialized wrt sysfs information using the
        module mutex.  That may require further thought, but this is the
        correct fix at the kobject layer regardless. ]
      Reported-analyzed-and-tested-by: 's avatarAnatol Pomozov <anatol.pomozov@gmail.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: stable@vger.kernel.org
      Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
      a49b7e82
  31. 07 May, 2012 1 commit
  32. 23 Apr, 2012 1 commit
  33. 10 Apr, 2012 1 commit
    • Dan Williams's avatar
      kobject: provide more diagnostic info for kobject_add_internal() failures · 282029c0
      Dan Williams authored
      1/ convert open-coded KERN_ERR+dump_stack() to WARN(), so that automated
         tools pick up this warning.
      
      2/ include the 'child' and 'parent' kobject names.  This information was
         useful for tracking down the case where scsi invoked device_del() on a
         parent object and subsequently invoked device_add() on a child.  Now the
         warning looks like:
      
           kobject_add_internal failed for target8:0:16 (error: -2 parent: end_device-8:0:24)
           Pid: 2942, comm: scsi_scan_8 Not tainted 3.3.0-rc7-isci+ #2
           Call Trace:
            [<ffffffff8125e551>] kobject_add_internal+0x1c1/0x1f3
            [<ffffffff81075149>] ? trace_hardirqs_on+0xd/0xf
            [<ffffffff8125e659>] kobject_add_varg+0x41/0x50
            [<ffffffff8125e723>] kobject_add+0x64/0x66
            [<ffffffff8131124b>] device_add+0x12d/0x63a
            [<ffffffff8125e0ef>] ? kobject_put+0x4c/0x50
            [<ffffffff8132f370>] scsi_sysfs_add_sdev+0x4e/0x28a
            [<ffffffff8132dce3>] do_scan_async+0x9c/0x145
      
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: James Bottomley <JBottomley@parallels.com>
      Signed-off-by: 's avatarDan Williams <dan.j.williams@intel.com>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      282029c0
  34. 07 Mar, 2012 1 commit
  35. 21 Dec, 2011 1 commit
  36. 12 Jun, 2011 1 commit
    • Al Viro's avatar
      Delay struct net freeing while there's a sysfs instance refering to it · a685e089
      Al Viro authored
      	* new refcount in struct net, controlling actual freeing of the memory
      	* new method in kobj_ns_type_operations (->drop_ns())
      	* ->current_ns() semantics change - it's supposed to be followed by
      corresponding ->drop_ns().  For struct net in case of CONFIG_NET_NS it bumps
      the new refcount; net_drop_ns() decrements it and calls net_free() if the
      last reference has been dropped.  Method renamed to ->grab_current_ns().
      	* old net_free() callers call net_drop_ns() instead.
      	* sysfs_exit_ns() is gone, along with a large part of callchain
      leading to it; now that the references stored in ->ns[...] stay valid we
      do not need to hunt them down and replace them with NULL.  That fixes
      problems in sysfs_lookup() and sysfs_readdir(), along with getting rid
      of sb->s_instances abuse.
      
      	Note that struct net *shutdown* logics has not changed - net_cleanup()
      is called exactly when it used to be called.  The only thing postponed by
      having a sysfs instance refering to that struct net is actual freeing of
      memory occupied by struct net.
      Signed-off-by: 's avatarAl Viro <viro@zeniv.linux.org.uk>
      a685e089