kobject: grab an extra reference on kobject->sd to allow duplicate deletes

sysfs currently has a rather weird behavior regarding removals.  A
directory removal would delete all files directly under it but
wouldn't recurse into subdirectories, which, while a bit inconsistent,
seems to make sense at the first glance as each directory is
supposedly associated with a kobject and each kobject can take care of
the directory deletion; however, this doesn't really hold as we have
groups which can be directories without a kobject associated with it
and require explicit deletions.

We're in the process of separating out sysfs from kboject / driver
core and want a consistent behavior.  A removal should delete either
only the specified node or everything under it.  I think it is helpful
to support recursive atomic removal and later patches will implement
it.

Such change means that a sysfs_dirent associated with kobject may be
deleted before the kobject itself is removed if one of its ancestor
gets removed before it.  As sysfs_remove_dir() puts the base ref, we
may end up with dangling pointer on descendants.  This can be solved
by holding an extra reference on the sd from kobject.

Acquire an extra reference on the associated sysfs_dirent on directory
creation and put it after removal.

Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index 671868914b5bffb474da2bfbf3933919f8c618ef..105a7e2d166089e0635b350900f86cf3b34fe536 100644 (file)
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -549,7 +549,12 @@ void sysfs_remove_one(struct sysfs_addrm_cxt *acxt, struct sysfs_dirent *sd)
 {
        struct sysfs_inode_attrs *ps_iattr;
 
-       BUG_ON(sd->s_flags & SYSFS_FLAG_REMOVED);
+       /*
+        * Removal can be called multiple times on the same node.  Only the
+        * first invocation is effective and puts the base ref.
+        */
+       if (sd->s_flags & SYSFS_FLAG_REMOVED)
+               return;
 
        sysfs_unlink_sibling(sd);
 

diff --git a/lib/kobject.c b/lib/kobject.c
index 151089788c21e73664d6af1556ad2b9ed27313ea..2fdf7fa9e9bded620f5634fbd976f84da6a099b5 100644 (file)
--- a/lib/kobject.c
+++ b/lib/kobject.c
@@ -76,6 +76,13 @@ static int create_dir(struct kobject *kobj)
                if (error)
                        sysfs_remove_dir(kobj);
        }
+
+       /*
+        * @kobj->sd may be deleted by an ancestor going away.  Hold an
+        * extra reference so that it stays until @kobj is gone.
+        */
+       sysfs_get(kobj->sd);
+
        return error;
 }
 
@@ -532,10 +539,15 @@ out:
  */
 void kobject_del(struct kobject *kobj)
 {
+       struct sysfs_dirent *sd;
+
        if (!kobj)
                return;
 
+       sd = kobj->sd;
        sysfs_remove_dir(kobj);
+       sysfs_put(sd);
+
        kobj->state_in_sysfs = 0;
        kobj_kset_leave(kobj);
        kobject_put(kobj->parent);