On Wed, Sep 28, 2022 at 12:27:07PM -0700, Bart Van Assche wrote: > On 9/27/22 18:09, Ming Lei wrote: > > On Wed, Sep 14, 2022 at 03:56:20PM -0700, Bart Van Assche wrote: > > > Some kernel modules call device_del() from their module exit code and > > > schedule asynchronous work from inside the .release callback without waiting > > > until that callback has finished. As an example, many SCSI LLD drivers call > > > > It isn't only related with device, any kobject has such issue, or any > > reference counter usage has similar potential risk, see previous discussion: > > > > https://lore.kernel.org/lkml/YsZm7lSXYAHT14ui@T590/ > > > > IMO, it is one fundamental problem wrt. module vs. reference counting or > > kobject uses at least, since the callback depends on module code > > segment. > > > > > scsi_remove_host() from their module exit code. scsi_remove_host() may > > > invoke scsi_device_dev_release_usercontext() asynchronously. > > > scsi_device_dev_release_usercontext() uses the host template pointer and > > > that pointer usually exists in static storage in the SCSI LLD. Support > > > using the module reference count to keep the module around until > > > asynchronous module exiting has completed by waiting in the delete_module() > > > system call until the module reference count drops to zero. > > > > The issue can't be addressed by the normal mod->refcnt, since user need > > to unload module when the device isn't used. > > Hi Ming, > > How about removing support for calling scsi_device_put() from atomic context > as is done in the untested patch below? That can't work. The problem is that no existed mechanism can guarantee that kobject reference drops to zero inside module_exit(). Thanks, Ming
