[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2023101917-till-unshackle-5098@gregkh>
Date: Thu, 19 Oct 2023 17:37:44 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Antoine Tenart <atenart@...nel.org>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
edumazet@...gle.com, netdev@...r.kernel.org, mhocko@...e.com,
stephen@...workplumber.org
Subject: Re: [RFC PATCH net-next 1/4] net-sysfs: remove rtnl_trylock from
device attributes
On Thu, Oct 19, 2023 at 10:13:29AM +0200, Antoine Tenart wrote:
> Quoting Greg KH (2023-10-18 18:49:18)
> > On Wed, Oct 18, 2023 at 05:47:43PM +0200, Antoine Tenart wrote:
> > > +static inline struct kernfs_node *sysfs_rtnl_lock(struct kobject *kobj,
> > > + struct attribute *attr,
> > > + struct net_device *ndev)
> > > +{
> > > + struct kernfs_node *kn;
> > > +
> > > + /* First, we hold a reference to the net device we might use in the
> > > + * locking section as the unregistration path might run in parallel.
> > > + * This will ensure the net device won't be freed before we return.
> > > + */
> > > + dev_hold(ndev);
> > > + /* sysfs_break_active_protection was introduced to allow self-removal of
> > > + * devices and their associated sysfs files by bailing out of the
> > > + * sysfs/kernfs protection. We do this here to allow the unregistration
> > > + * path to complete in parallel. The following takes a reference on the
> > > + * kobject and the kernfs_node being accessed.
> > > + *
> > > + * This works because we hold a reference onto the net device and the
> > > + * unregistration path will wait for us eventually in netdev_run_todo
> > > + * (outside an rtnl lock section).
> > > + */
> > > + kn = sysfs_break_active_protection(kobj, attr);
> > > + WARN_ON_ONCE(!kn);
> >
> > If this triggers, you will end up rebooting the machines that set
> > panic-on-warn, do you mean to do that? And note, the huge majority of
> > Linux systems in the world have that enabled, so be careful.
>
> Right. My understanding was this can not happen here and I added this
> one as a "that should not happen and something is really wrong", as the
> attribute should be valid until at least the call to
> sysfs_break_active_protection.
If it can not happen, then no need to ever check it. If it can happen,
then check for it and handle the error. Don't cheat and try to rely on
WARN_ON() to paper over lazy programming :)
thanks,
greg k-h
Powered by blists - more mailing lists