Avoiding sysfs surprises
Posted Sep 25, 2003 14:58 UTC (Thu) by stripes
Parent article: Avoiding sysfs surprises
All seems well, except for the small problem of that user process. By
sitting in the directory, it maintains a reference there. The open attribute file is yet another
reference. If the driver has truly cleaned up and freed the devices, the user process will be
holding structures with pointers into freed memory. An attempt to read the (already open)
attribute file at this point is almost certain to crash the system.
There is another way this can be handled. In BSD at least (and I assume Linux) "umount
-f" forcibly unmounts a filesystem even when files are still open. The open file handles
have their in memory VNODEs replaced with VNODEs from the "dead file system" which
returns an error for every attempt to use it except for close. That is also done with tty/pttys
that have hangup called for them, and some other places where file handles (or VNODE
backed memory segments) become invalid (and there is a command line utility to revoke
access in case there is a wee security lapse...).
It is a useful concept, and a lot simpler than reference counting. In a few cases "more
correct" as well. In this case, for things like hot-pluggable devices it seems like the right
thing. For other stuff that might show up on sysfs, maybe not (should a process's memory
image stay around after the process is kill -9'ed just because a debugger has the image
open via sysfs?).
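The "dead file system" swap described in the comment above, as an added userspace sketch in C (not code from the comment, the parent article, BSD or Linux): on revoke, each open handle's operations table is replaced with one that never touches the backing object, and only then is the object freed. All names here (`handle_ops`, `revoke_and_free`, the `-EIO` return) are assumptions made for illustration, and the sketch is single-threaded; a kernel would have to serialize the swap against in-flight operations.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct handle;
struct handle_ops {
    int (*read)(struct handle *h, char *buf, size_t len);
    int (*close)(struct handle *h);
};
struct device { char name[16]; };   /* backing object that can be unplugged */
struct handle {
    const struct handle_ops *ops;   /* swapped to dead_ops on revoke */
    struct device *dev;             /* valid only while ops == &live_ops */
};
static int live_read(struct handle *h, char *buf, size_t len) {
    return snprintf(buf, len, "%s", h->dev->name);
}
/* Dead read never dereferences h->dev, so freed memory stays unreachable. */
static int dead_read(struct handle *h, char *buf, size_t len) {
    (void)h; (void)buf; (void)len;
    return -EIO;                    /* error code chosen for this sketch */
}
static int any_close(struct handle *h) { h->ops = NULL; return 0; }
static const struct handle_ops live_ops = { live_read, any_close };
static const struct handle_ops dead_ops = { dead_read, any_close };

/* Detach every open handle from the device first, then free it. */
static void revoke_and_free(struct device *dev, struct handle **open, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (open[i]->dev == dev) { open[i]->ops = &dead_ops; open[i]->dev = NULL; }
    free(dev);
}

/* Constructed scenario: read, unplug, read again, close. Returns 0 if OK. */
static int demo(void) {
    struct device *dev = malloc(sizeof *dev);
    if (!dev) return -1;
    strcpy(dev->name, "usb0");      /* constructed sample device name */
    struct handle h = { &live_ops, dev };
    struct handle *open[] = { &h };
    char buf[16];
    int before = h.ops->read(&h, buf, sizeof buf);
    revoke_and_free(dev, open, 1);
    int after = h.ops->read(&h, buf, sizeof buf);
    int closed = h.ops->close(&h);
    return (before == 4 && after == -EIO && closed == 0) ? 0 : 1;
}

int main(void) { return demo(); }
```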