Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752025AbbFHE2V (ORCPT <rfc822;w@1wt.eu>);
	Mon, 8 Jun 2015 00:28:21 -0400
Received: from mx0a-0016f401.pphosted.com ([67.231.148.174]:27614 "EHLO
	mx0a-0016f401.pphosted.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1751419AbbFHE2N (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 8 Jun 2015 00:28:13 -0400
From: Lisa Du <cldu@marvell.com>
To: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: A race condition between debugfs and seq_file operation
Thread-Topic: A race condition between debugfs and seq_file operation
Thread-Index: AQHQoaOGA0gdqb5zJkWNmEry1J5dTw==
Date: Mon, 8 Jun 2015 04:28:10 +0000
Message-ID: <3626bdb18cfc40c98618d0ee68816ab0@SC-EXCH04.marvell.com>
References: <CAG9bXvm70+hE5qsk1UGCzXn3d6FcDs1AJhjM-Homcsu2OmHt6w@mail.gmail.com>
	<CAG9bXv=xFZfuX26OXA+5Go38+JXbq-rwbhcjnyKdTacerRtCvA@mail.gmail.com>
 <CAG9bXvnTPkD8ZDKNakqzKVuJ+iOETdYj6=R2moTnmdUP=X1YVw@mail.gmail.com>
In-Reply-To: <CAG9bXvnTPkD8ZDKNakqzKVuJ+iOETdYj6=R2moTnmdUP=X1YVw@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.93.176.43]
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151,1.0.33,0.0.0000
 definitions=2015-06-08_04:2015-06-05,2015-06-08,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0
 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=7.0.1-1402240000 definitions=main-1506080082
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by nfs id t584SP07019218
Content-Length: 1192
Lines: 31

Hi, All
Recently I met one race condition related to debugfs.

Take an example from ion.c in kernel3.14:
static int ion_debug_client_open(struct inode *inode, struct file *file)
{
	return single_open(file, ion_debug_client_show, inode->i_private);
}

static const struct file_operations debug_client_fops = {
	.open = ion_debug_client_open,
	.read = seq_read,
	.llseek = seq_lseek,
	.release = single_release,
};
client->debug_root = debugfs_create_file(client->display_name, 0664,
					dev->clients_debug_root,
					client, &debug_client_fops);

I find during I read the debugfs node, driver can do debugfs_remove_recursive(dentry);
Is it expected?  

In this case, when do the seq_file read, it grabs the seq_file->lock;
While in debugfs_remove_recursive(), it graps "parent->d_inode->i_mutex".
So there seems no protection between the ion_debug_client_show() and debugfs_remove_recursive().

Please let me know if I didn't describe the issue clear.
Would you help to comment if there's method to avoid such issue?

Best Regards.
????{.n?+???????+%?????ݶ??w??{.n?+????{??G?????{ay?ʇڙ?,j??f???h?????????z_??(?階?ݢj"???m??????G????????????&???~???iO???z??v?^?m????????????I?