From: David Laight <david.laight.linux@gmail.com>
To: Christian Brauner <brauner@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org,
linux-nfs@vger.kernel.org, bpf@vger.kernel.org,
kunit-dev@googlegroups.com, linux-doc@vger.kernel.org,
linux-trace-kernel@vger.kernel.org, netfs@lists.linux.dev,
io-uring@vger.kernel.org, audit@vger.kernel.org,
rcu@vger.kernel.org, kvm@vger.kernel.org,
virtualization@lists.linux.dev, netdev@vger.kernel.org,
linux-mm@kvack.org, linux-security-module@vger.kernel.org,
Christian Loehle <christian.loehle@arm.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2 1/2] kthread: remove kthread_exit()
Date: Wed, 11 Mar 2026 10:47:36 +0000 [thread overview]
Message-ID: <20260311104736.51b53405@pumpkin> (raw)
In-Reply-To: <20260310-work-kernel-exit-v2-1-30711759d87b@kernel.org>
On Tue, 10 Mar 2026 15:56:09 +0100
Christian Brauner <brauner@kernel.org> wrote:
> In 28aaa9c39945 ("kthread: consolidate kthread exit paths to prevent use-after-free")
> we folded kthread_exit() into do_exit() when we fixed a nasty UAF bug.
> We left kthread_exit() around as an alias to do_exit(). Remove it
> completely.
...
> -#define module_put_and_kthread_exit(code) kthread_exit(code)
> +#define module_put_and_kthread_exit(code) do_exit(code)
I'm intrigued...
How does that actually know to do the module_put()?
(I know it does one - otherwise my driver wouldn't unload.)
The corresponding try_module_get(THIS_MODULE) is done before the
kthread_run() (and has to be 'put' if that fails).
So there is an explicit 'get' but an implicit 'put'.
While a loadable module that creates a kthread usually needs to give
the kthread a reference to its module and then have that reference
released as the kthread exits, I can imagine cases where that isn't true.
(Or broken code that just hopes the module won't be unloaded just
as the kthread exits.)
It actually makes me think that module_put_and_exit() ought to have
a 'module' parameter.
Or, perhaps, kthread_create() should have the module parameter and
hold a reference to that module until it exits.
David
next prev parent reply other threads:[~2026-03-11 10:47 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-10 14:56 [PATCH v2 0/2] kthread, exit: clean up kernel thread exit paths Christian Brauner
2026-03-10 14:56 ` [PATCH v2 1/2] kthread: remove kthread_exit() Christian Brauner
2026-03-10 22:26 ` Frederic Weisbecker
2026-03-11 10:47 ` David Laight [this message]
2026-03-10 14:56 ` [PATCH v2 2/2] tree-wide: rename do_exit() to task_exit() Christian Brauner
2026-03-10 22:30 ` Frederic Weisbecker
2026-03-11 0:02 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260311104736.51b53405@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=audit@vger.kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=christian.loehle@arm.com \
--cc=io-uring@vger.kernel.org \
--cc=kunit-dev@googlegroups.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-modules@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfs@lists.linux.dev \
--cc=rcu@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=virtualization@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox