Date:      Tue, 13 Jun 2006 08:56:54 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        Ian Dowse <iedowse@iedowse.com>
Cc:        cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org, Ian Dowse <iedowse@freebsd.org>
Subject:   Re: cvs commit: src/sys/sys firmware.h src/sys/kern subr_firmware.c
Message-ID:  <200606130856.55255.jhb@freebsd.org>
In-Reply-To: <200606130150.aa12882@nowhere.iedowse.com>
References:  <200606130150.aa12882@nowhere.iedowse.com>

On Monday 12 June 2006 20:50, Ian Dowse wrote:
> In message <200606121631.07177.john@baldwin.cx>, John Baldwin writes:
> >On Saturday 10 June 2006 13:04, Ian Dowse wrote:
> >>   Keep firmware images on the list until they have been unregistered
> >>   with firmware_unregister(). Previously when the last driver reference
> >>   had been dropped we would clear the list entry under the assumption
> >>   that the firmware module was about to be unloaded, but this was not
> >>   true if the firmware image had been loaded manually with kldload.
> >
> >I think you still need to clear the entire entry in unloadentry() and not just
> >clear fp->file.  Otherwise, another thread could gain a reference on this
> >entry in the table after you drop the firmware mutex and before
> >firmware_unregister() is run by the kernel linker.
>
> That would bring back the original issue where a manually kldloaded
> firmware image would be removed from the list when a driver calls
> firmware_put(), even though the kld will remain loaded; there is
> nothing that a driver can do to get the entry back on the list since
> calling linker_reference_module() will not result in a call to
> firmware_register() because the module is already (manually) loaded.

No it wouldn't. :)  unloadentry() is only called when we are unloading
an explicitly loaded module from the taskqueue.  That is where I think
the 'fp->file = NULL' should be changed to 'clearentry()'.  Either
that or don't clear fp->file at all.

> Shouldn't this race be fixed by your other suggested change of
> having a firmware_unregister() failure preventing the image module
> from unloading? (I didn't realise it wasn't already checking) The
> firmware_unregister() function atomically checks for references and
> clears the full entry, so with your change there is no way for the
> module to be unloaded while a reference exists.

No.  You've cleared fp->file.  This means that if the other thread gets
a reference, the firmware_unregister() will fail, but now the kernel will
never unload this file on a subsequent firmware_put() since it won't see
that it was explicitly loaded by the kernel since fp->file == NULL.  The
awk script patch fixes a different race where kldunload would succeed
even though there were open references and drivers would have pointers
into unmapped memory (or possibly mapped to something else).

-- 
John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
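The interleaving argued over in this message, replayed in a constructed C model (an added example, not code from subr_firmware.c; the entry layout, the model_* names and the image_file tag are assumptions). It shows why clearing only fp->file lets a racing firmware_get() succeed, makes the later firmware_unregister() fail, and leaves an entry that no firmware_put() will ever unload, while clearentry() closes the window:

```c
/* Constructed model of the race discussed above; not FreeBSD's subr_firmware.c. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

struct fw_entry {
    const char *name;  /* NULL means the list slot is free */
    int refcnt;        /* references held by drivers via firmware_get() */
    const void *file;  /* non-NULL when the kernel linker loaded the image */
};
static const int image_file = 1;   /* stands in for a linker file handle */

/* firmware_get(): look the name up on the list and take a reference. */
static bool model_get(struct fw_entry *fp, const char *name)
{
    if (fp->name == NULL || strcmp(fp->name, name) != 0)
        return false;
    fp->refcnt++;
    return true;
}

/* firmware_unregister(): check for references and clear the full entry. */
static bool model_unregister(struct fw_entry *fp)
{
    if (fp->refcnt > 0)
        return false;            /* busy: a driver still holds the image */
    memset(fp, 0, sizeof(*fp));
    return true;
}

/* unloadentry() as committed: drop only the file pointer, keep the name. */
static void unloadentry_file_only(struct fw_entry *fp) { fp->file = NULL; }
/* unloadentry() as proposed: clearentry(), so lookups no longer match. */
static void unloadentry_clear(struct fw_entry *fp) { memset(fp, 0, sizeof(*fp)); }
/*
 * Replay the thread's interleaving: unloadentry() runs from the taskqueue,
 * the mutex is dropped, another thread calls firmware_get(), then the
 * kernel linker calls firmware_unregister() on kldunload. Returns true when
 * the entry is left stuck: still referenced but with file == NULL, so a
 * later firmware_put() never schedules an unload.
 */
static bool race_leaves_stuck_entry(void (*unloadentry)(struct fw_entry *))
{
    struct fw_entry e = { "model_fw", 0, &image_file };
    unloadentry(&e);
    bool got = model_get(&e, "model_fw");
    bool unregistered = model_unregister(&e);
    return got && !unregistered && e.file == NULL;
}
```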


