On 07/30/2015 01:09 PM, Jason Gunthorpe wrote: > On Thu, Jul 30, 2015 at 12:59:30PM -0400, Doug Ledford wrote: >> On 07/30/2015 12:50 PM, Jason Gunthorpe wrote: >>> On Thu, Jul 30, 2015 at 12:46:52PM -0400, Doug Ledford wrote: >>> >>>> I've pulled this series in for 4.3. There were some additional items in >>>> some of Jason's comments that ought to be looked into, but I think this >>>> patch set has reached the point where it's no worse than existing in >>>> terms of locking, there were just some existing issues that should be >>>> addressed too. >>> >>> Eh? V6 corrupts random kernel memory if you use the hot-removal. >> >> I didn't see that in there. Did I read through the discussion too fast? >> I'll go recheck... > > For a char device you absolutely cannot kfree the cdev in the file > release callback. > > The file still holds a ref on cdev and it will guarenteed use > after-free on cdev during core code struct file cleanup.
OK, I see what happened. The early discussion for patch 3/5 (the problem patch) happened on list without me on Cc:, only the last few messages had me on Cc:. The net result is that I had seen yours and Or's responses in my Inbox some weeks ago and that had leaked out of my head, and what was in my linux-rdma folder didn't have those messages, so when I read through this thread there, it was missing part of that context. When I re-read it via patchworks, all of the messages were in one place. Yishai, I currently have this code in my tree, but I'm going to cull it and wait for a v7 that fixes this problem. Please move that forward if you want to make 4.3. -- Doug Ledford <dledf...@redhat.com> GPG KeyID: 0E572FDD
signature.asc
Description: OpenPGP digital signature