Page MenuHomeFreeBSD
Differential D49334

cdev: dev_copyname copies a character device's name to a buffer
AcceptedPublic
Actions

Authored by jhb on Wed, Mar 12, 7:58 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 16, 1:58 PM
Unknown Object (File)
Fri, Mar 14, 7:07 PM
Unknown Object (File)
Fri, Mar 14, 5:04 PM
Unknown Object (File)
Fri, Mar 14, 11:52 AM
Unknown Object (File)
Thu, Mar 13, 6:14 AM
Unknown Object (File)
Thu, Mar 13, 6:08 AM
Unknown Object (File)
Thu, Mar 13, 3:50 AM
Subscribers
imp
olce

Details

Reviewers
kib
Summary

This function can be called while not in a cdevsw method unlike
devtoname which requires the caller to hold a reference on the cdev.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 62891
Build 59775: arc lint + arc unit

Event Timeline

jhb created this revision.Wed, Mar 12, 7:58 PM
Herald added subscribers: olce, imp. · View Herald TranscriptWed, Mar 12, 7:58 PM
jhb requested review of this revision.Wed, Mar 12, 7:58 PM
jhb added a parent revision: D49333: device_pager: Assert that the handle is not NULL.
Harbormaster completed remote builds in B62891: Diff 152190.Wed, Mar 12, 7:58 PM
jhb added a child revision: D49335: device_pager: Add cdev_pager_get_path to retrieve the "path" for an object.Wed, Mar 12, 7:59 PM
kib added a comment.Wed, Mar 12, 10:15 PM

The reference on cdev still must be held, otherwise dev_refthread() might end up accessing freed memory. For instance, for the csw methods, the safety comes from the fact that devfs VCHR vnodes keep such references on cdev.
Then, cdev->si_name memory is part of the struct cdev, and we do not modify it until free, so dev_copyname() alone is somewhat excessive. Note that vm_object_list_handler() use of dev_refthread() is a) to avoid reporting names for dead VCHR nodes b) to provide some extra safety for obj->cdev memory walk. b) might be too cautious.

kib accepted this revision.Wed, Mar 12, 10:25 PM
This revision is now accepted and ready to land.Wed, Mar 12, 10:25 PM
jhb added a comment.Thu, Mar 13, 5:01 PM
In D49334#1125116, @kib wrote:

The reference on cdev still must be held, otherwise dev_refthread() might end up accessing freed memory. For instance, for the csw methods, the safety comes from the fact that devfs VCHR vnodes keep such references on cdev.
Then, cdev->si_name memory is part of the struct cdev, and we do not modify it until free, so dev_copyname() alone is somewhat excessive. Note that vm_object_list_handler() use of dev_refthread() is a) to avoid reporting names for dead VCHR nodes b) to provide some extra safety for obj->cdev memory walk. b) might be too cautious.

Hmmm, I was worried that other device pagers might want to also use this if they store a pointer to their cdev in the handle they use for the pager (like the netmap case) vs just inlining the logic into old_cdev_pager_path. Do you think the dead VCHR case is just as relevant for other device pager objects?

kib added a comment.Thu, Mar 13, 5:11 PM
In D49334#1125306, @jhb wrote:
In D49334#1125116, @kib wrote:

The reference on cdev still must be held, otherwise dev_refthread() might end up accessing freed memory. For instance, for the csw methods, the safety comes from the fact that devfs VCHR vnodes keep such references on cdev.
Then, cdev->si_name memory is part of the struct cdev, and we do not modify it until free, so dev_copyname() alone is somewhat excessive. Note that vm_object_list_handler() use of dev_refthread() is a) to avoid reporting names for dead VCHR nodes b) to provide some extra safety for obj->cdev memory walk. b) might be too cautious.

Hmmm, I was worried that other device pagers might want to also use this if they store a pointer to their cdev in the handle they use for the pager (like the netmap case) vs just inlining the logic into old_cdev_pager_path. Do you think the dead VCHR case is just as relevant for other device pager objects?

It could be, it really depends on what d_close() does.

jhb added a comment.Fri, Mar 14, 5:44 PM
In D49334#1125310, @kib wrote:
In D49334#1125306, @jhb wrote:
In D49334#1125116, @kib wrote:

The reference on cdev still must be held, otherwise dev_refthread() might end up accessing freed memory. For instance, for the csw methods, the safety comes from the fact that devfs VCHR vnodes keep such references on cdev.
Then, cdev->si_name memory is part of the struct cdev, and we do not modify it until free, so dev_copyname() alone is somewhat excessive. Note that vm_object_list_handler() use of dev_refthread() is a) to avoid reporting names for dead VCHR nodes b) to provide some extra safety for obj->cdev memory walk. b) might be too cautious.

Hmmm, I was worried that other device pagers might want to also use this if they store a pointer to their cdev in the handle they use for the pager (like the netmap case) vs just inlining the logic into old_cdev_pager_path. Do you think the dead VCHR case is just as relevant for other device pager objects?

It could be, it really depends on what d_close() does.

Hmm, to be clear, by a dead VCHR node, you mean that destroy_dev() has been called, but the VM object is still around? My assumption is a character device using the default device pager can't be safely destroyed unless it knows for certain that the VM object doesn't exist (which is hard to do without races).

kib added a comment.Sat, Mar 15, 5:19 PM
In D49334#1125648, @jhb wrote:

Hmm, to be clear, by a dead VCHR node, you mean that destroy_dev() has been called, but the VM object is still around? My assumption is a character device using the default device pager can't be safely destroyed unless it knows for certain that the VM object doesn't exist (which is hard to do without races).

Yes and yes.

Revision Contents
Changeset List

PathSize
sys/
kern/
13 lines
sys/
1 line

Diff 152190

View Options

sys/kern/kern_conf.c

Loading...
View Options

sys/sys/conf.h

Loading...