Received:  by oss.sgi.com id <S42346AbQFUBUN>;
	Tue, 20 Jun 2000 18:20:13 -0700
Received: from [203.126.247.144] ([203.126.247.144]:916 "EHLO zsngs001")
	by oss.sgi.com with ESMTP id <S42305AbQFUBTt>;
	Tue, 20 Jun 2000 18:19:49 -0700
Received: from zsngd101.asiapac.nortel.com (actually znsgd101) by zsngs001;
          Wed, 21 Jun 2000 09:18:44 +0800
Received: from zctwb003.asiapac.nortel.com ([47.152.32.111]) 
          by zsngd101.asiapac.nortel.com 
          with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) 
          id NBKHBV75; Wed, 21 Jun 2000 09:18:48 +0800
Received: from pwold011.asiapac.nortel.com ([47.181.193.45]) 
          by zctwb003.asiapac.nortel.com 
          with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) 
          id NCLF8DF1; Wed, 21 Jun 2000 11:18:51 +1000
Received: from uow.edu.au (IDENT:akpm@localhost [127.0.0.1]) 
          by pwold011.asiapac.nortel.com (8.9.3/8.9.3) with ESMTP id LAA27176;
          Wed, 21 Jun 2000 11:18:43 +1000
Message-ID: <395017F3.516165AD@uow.edu.au>
Date:   Wed, 21 Jun 2000 01:18:43 +0000
X-Sybari-Space: 00000000 00000000 00000000
From:   Andrew Morton <andrewm@uow.edu.au>
X-Mailer: Mozilla 4.61 [en] (X11; I; Linux 2.4.0-test1-ac10 i686)
X-Accept-Language: en
MIME-Version: 1.0
To:     Keith Owens <kaos@ocs.com.au>
CC:     "netdev@oss.sgi.com" <netdev@oss.sgi.com>
Subject: Re: modular net drivers, take 2
References: Your message of "Tue,
            20 Jun 2000 17:38:57 +0200." <20000620173857.A4089@fred.muc.de> <4490.961537968@ocs3.ocs-net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Orig: <andrewm@uow.edu.au>
Sender: owner-netdev@oss.sgi.com
Precedence: bulk
Return-Path: <owner-netdev@oss.sgi.com>
X-Orcpt: rfc822;netdev-outgoing

Keith Owens wrote:
> 
> On Tue, 20 Jun 2000 17:38:57 +0200,
> Andi Kleen <ak@muc.de> wrote:
> >On Tue, Jun 20, 2000 at 02:04:35PM +0200, Andrew Morton wrote:
> >> - sys_ioctl() and sys_delete_module() both already claim
> >>   the big lock, so where's the race anyway?  I feel I'm missing
> >>   something..
> >I guess there are some time critical ioctls that should be run outside
> >kernel lock though. It is far too late to audit them all though.
> 
> ioctls are not a problem, as long as they use a file descriptor, i.e.
> no global ioctls.  Getting a file descriptor requires open() or its
> equivalent which set the module use_count.  The race is in open, I
> don't know of any races after use_count is set and open() has complete
> and left the module.

I don't think you're right here, Keith.

ioctls on the netdevice don't require a descriptor which is associated
with dev->open().  For example, Donald's mii-diag application and
ifconfig both call device-specific functions without ever having called
dev->open():

modprobe driver
mii-diag -v eth0
ifconfig -a

In this example, both dev->ioctl() and dev->get_stats() are called while
the module refcount is zero.   So they're as risky as open(); these code
paths need to be audited for races wrt kmalloc->schedule()
opportunities.



How about a totally different approach:

In the module_exit() we locate all netdevices associated with this
module and overwrite all their function pointers with the addresses of
non-modular stub functions which return ENODEV.  Then we don't have to
worry about device methods being called after unload.

The PCI code does it for us; not sure about non-PCI device management
though.

in xxx_probe1():
	dev->owner = THIS_MODULE;	/* Sorry, Rusty */

in xx_remove1():
	zap_netdevice(dev);

zap_netdevice(dev)
{
	dev->open = err_open;
	dev->start_xmit = err_start_xmit;
	etc
|