Consider the following trivial module:
--- %< ---
#include <linux/module.h>
#include <linux/debugfs.h>

static struct dentry *f;
static u32 tmp;

int __init mod_enter(void)
{
	f = debugfs_create_u32("tmp-test", 0666, NULL, &tmp);
	return 0;
}

void __exit mod_leave(void)
{
	debugfs_remove(f);
}

module_init(mod_enter);
module_exit(mod_leave);
MODULE_LICENSE("GPL");
--- >% ---
How do I make that safe?
FWIW, the problem is:
thread 1                        thread 2
fd = open("tmp-test")
sleep(30);                      rmmod test-module
read(fd, buf, 100);
--> accesses now invalid memory because debugfs doesn't actually stop
you from accessing "&tmp" after debugfs_remove(). [yes, I actually
tested a variation of this where I dynamically allocated the 'tmp'
variable, I got the slab poison in my test program]
Personally, I tend to think this makes debugfs rather unusable in
modules and with anything that is dynamically allocated [1]. AFAICT
sysfs avoids this by having object lifetime imposed by sysfs, but
debugfs doesn't work that way.
What am I missing?
johannes
[1] which covers many many current users, it seems at least usbmon,
ohci/ehci/uhci-dbg, pktcdvd, fault injection code, blktrace and probably
more.
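Added example, not part of the original message and not kernel code: a single-threaded userspace C model of the lifetime rule the message attributes to sysfs, where an open handle holds a reference so that removing the entry cannot free memory a later read() touches. All names here (struct entry, entry_open, entry_remove and so on) are hypothetical; real kernel code would also need atomic reference counts and locking.

```c
/* Userspace model, constructed for illustration; names are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

struct entry {           /* stands in for the debugfs file plus its data */
    int refs;            /* owner's reference + one per open handle */
    bool removed;        /* set once the owner has removed the file */
    uint32_t value;      /* stands in for the module's 'tmp' */
};

static struct entry *entry_create(uint32_t v)
{
    struct entry *e = calloc(1, sizeof(*e));
    if (!e) return NULL;
    e->refs = 1;         /* the owner's (module's) reference */
    e->value = v;
    return e;
}

/* close(), or the owner's final drop; returns true if the memory was freed */
static bool entry_put(struct entry *e)
{
    if (--e->refs > 0) return false;
    free(e);
    return true;
}

/* open(): refused after removal, otherwise pins the entry for the handle */
static struct entry *entry_open(struct entry *e)
{
    if (e->removed) return NULL;
    e->refs++;
    return e;
}

/* read(): the memory is still valid, but a removed entry gives -ENODEV */
static int entry_read(struct entry *h, uint32_t *out)
{
    if (h->removed) return -ENODEV;
    *out = h->value;
    return 0;
}

/* remove(), the rmmod side: mark dead, then drop the owner's reference */
static bool entry_remove(struct entry *e)
{
    e->removed = true;
    return entry_put(e);
}
```

Replaying the interleaving from the message against this model (open, then remove, then read) gives -ENODEV from the read, and the memory is freed only when the handle is closed.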
