tech-kern archive


Locking strategy for device deletion (also see PR kern/48536)



Can anyone suggest a reliable way to ensure that a device-driver module can be _really_ safely detached?

The module could theoretically maintain an open/ref counter, but making this MP-safe is "difficult"! Even if the module were to provide a mutex to control increment/decrement of its counter, there's still a problem:

Thread 1 initiates a module-unload, which takes the mutex

Thread 2 attempts to open the device (or one of its units), attempts to grab the mutex, and waits

Back in thread 1, the driver's module unload code determines that it is safe to unload (no current activities queued, no current opens), so it goes forward and unmaps the module - including the mutex!

If the unload code releases the mutex, then thread 2 resumes, at an address which has been unmapped, leading to all sorts of bad-stuff(tm). (And, if the unload code doesn't bother to release the mutex before destroying it, then thread 2 stalls indefinitely.)

There currently doesn't seem to be a safe way to unload driver modules.


Any good MP-safe suggestions?


+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+
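
One pattern that avoids the interleaving described in the message above, as an added example that is not part of the original post and is not NetBSD code: the lock and open count live in a gate owned by the core kernel, so a thread that slept on the lock wakes in code that is still mapped. The `gate_*` functions, `drv_module` and the userland pthread mutex are hypothetical stand-ins.

```c
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>

/* Userland model (constructed): the module image, freed ("unmapped") on unload. */
struct drv_module { int (*open)(int unit); };
/* Hypothetical gate owned by the core kernel, so it outlives the module. */
static struct {
    pthread_mutex_t lock;    /* never part of the module image */
    struct drv_module *mod;  /* NULL once the driver is detached */
    unsigned refs;           /* opens that currently pin the module */
} gate = { .lock = PTHREAD_MUTEX_INITIALIZER };
static int drv_open(int unit) { return unit >= 0 ? 0 : EINVAL; }
int gate_attach(void) {
    struct drv_module *m = malloc(sizeof(*m));
    if (m == NULL) return ENOMEM;
    m->open = drv_open;
    pthread_mutex_lock(&gate.lock);
    gate.mod = m;
    pthread_mutex_unlock(&gate.lock);
    return 0;
}
void gate_close(void) {
    pthread_mutex_lock(&gate.lock);
    gate.refs--;
    pthread_mutex_unlock(&gate.lock);
}

/* Thread 2: everything before m->open() runs in core code, not the module. */
int gate_open(int unit) {
    pthread_mutex_lock(&gate.lock);      /* may sleep here during an unload */
    struct drv_module *m = gate.mod;
    if (m != NULL) gate.refs++;          /* pin before dropping the lock */
    pthread_mutex_unlock(&gate.lock);
    if (m == NULL) return ENXIO;         /* lost the race: fail cleanly */
    int error = m->open(unit);
    if (error != 0) gate_close();        /* a failed open must not pin */
    return error;
}

/* Thread 1: detach under the lock, release it, and only then unmap. */
int gate_unload(void) {
    pthread_mutex_lock(&gate.lock);
    int busy = gate.refs != 0;
    struct drv_module *m = busy ? NULL : gate.mod;
    if (!busy) gate.mod = NULL;
    pthread_mutex_unlock(&gate.lock);    /* waiters wake in core code */
    free(m);                             /* stands in for the unmap */
    return busy ? EBUSY : 0;
}
```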

