[Top] [All Lists]

Re: modular net drivers, take 2

To: Andrew Morton <andrewm@xxxxxxxxxx>
Subject: Re: modular net drivers, take 2
From: Keith Owens <kaos@xxxxxxxxxx>
Date: Wed, 21 Jun 2000 15:12:15 +1000
Cc: "netdev@xxxxxxxxxxx" <netdev@xxxxxxxxxxx>
In-reply-to: Your message of "Wed, 21 Jun 2000 04:24:01 GMT." <39504361.81F03943@xxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx
On Wed, 21 Jun 2000 04:24:01 +0000, 
Andrew Morton <andrewm@xxxxxxxxxx> wrote:
>Keith Owens wrote:
>> Anything sleeping loses the lock.  Any sleep in module open code primes
>> the race, if the module_exit code also sleeps the race is triggered.
>You're a hard man, Mr Owens.

I try ...

>So sys_delete_module() isn't allowed to sleep. It's hard to make this
>rule future-safe.

Impossible because sys_delete_module() calls module_exit() which is
allowed to do anything.

>Do you think that the concept of grabbing the entire machine during
>module unload is an acceptable one?  I think it is, because the act of
>actually unloading kernel text is so unique and traumatic.

It is the best solution, if it can be done.  But I have not found any
method of doing this.

>        ...
>       spin_lock(&module_deletion_lock);
>        blocked_cpus = 1 << smp_processor_id();
>        while (blocked_cpus != ((1 << smp_num_cpus) - 1))
>               ;
>       {
>               I think the only code whcih needs to go in
>                here is the call to vfree(module).

sys_delete_module() -> free_module() -> mod->cleanup() -> module_exit()
which is entered with module_deletion_lock held.  You just constrained
all module cleanup code to never sleep - no chance.

For sys_delete_module() to "grab" the entire machine it has to exclude
all processors from entering the module being unloaded (not too
difficult), to verify that no processor is currently executing the code
pages (a bit harder) and that no suspended process or timer queue will
ever pop its stack and return into those code pages (the really hard

<Prev in Thread] Current Thread [Next in Thread>