Vasu Dev wrote: > This will ensure exch will get freed if exch ref dropped to zero > in fc_exch_mgr_delete_ep().
> struct fc_exch_mgr *mp; > If we can call fc_exch_mgr_delete_ep() while the last refcount is dropped then if the last fc_exch_release is done here before the hold then it will be freed when we call fc_exch_hold and we could be doing the hold on freed memory. I do not think we should be able to get to this point. Everyone calling it should have a valid ref (or if called from a resp handler calling a exch_done then the caller of the resp handler should have a refcount to the ep). If not then the ref counting is not right. > + fc_exch_hold(ep); > mp = ep->em; > spin_lock_bh(&mp->em_lock); > - if (ep->lp->tt.exch_put) > - ep->lp->tt.exch_put(ep->lp, mp, ep->xid); > WARN_ON(mp->total_exches <= 0); > mp->total_exches--; > mp->exches[ep->xid - mp->min_xid] = NULL; > list_del(&ep->ex_list); > spin_unlock_bh(&mp->em_lock); > + fc_exch_release(ep); > } > > static int fc_exch_done_locked(struct fc_exch *ep) > > _______________________________________________ > devel mailing list > [email protected] > http://www.open-fcoe.org/mailman/listinfo/devel _______________________________________________ devel mailing list [email protected] http://www.open-fcoe.org/mailman/listinfo/devel
