On Wed, Apr 20, 2016 at 03:03:12PM -0400, James Bottomley wrote:
> On Wed, 2016-04-20 at 15:24 +0200, Hannes Reinecke wrote:
> > When pushing items on a workqueue we cannot take a reference
> > when the workqueue item is executed, as the structure might
> > already have been freed at that time.
> > So instead we need to take a reference before adding it
> > to the workqueue, thereby ensuring that the workqueue item
> > will always be valid.
>
> Have you actually seen this happen? The rdata structure is fully ref
> counted, so if it's done a final put, then something should see
> unreferenced memory. It looks like the model is that the final put is
> done from the queue, so I don't quite see how you can lose the final
> reference in either of the places you alter.
>
I _think_ I have seen this, however I'm not 100% certain. What I can say
is, I have crash dumps of lpfc, fnic and bnx2fc with either no longer
valid pointers (use after free) or overwritten pointers (one has ASCII
'O' 'W' 'N' written to it), but I never have had a chance to reproduce
them in a test environment. It's even possible that these are all totally
unrelated issues, again, I'm not certain at all.
Byte,
Johannes
--
Johannes Thumshirn Storage
[email protected] +49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850
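
The lifetime rule from the quoted patch description (take the reference when the item is queued, drop it when the item has run), as an added userspace illustration that is not code from this thread or from libfc. All names (`obj`, `queue_obj_work`, `run_pending`) are hypothetical, and the toy queue is single-threaded with a plain `int` counter where kernel code would use an atomic refcount.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical refcounted object standing in for a structure like rdata. */
struct obj { int refcount; int *freed; };
struct work { struct obj *o; struct work *next; };
static struct work *pending;            /* toy single-threaded work queue */

static struct obj *obj_new(int *freed)
{
    struct obj *o = malloc(sizeof(*o));
    if (o) { o->refcount = 1; o->freed = freed; }
    return o;
}
static void obj_get(struct obj *o) { o->refcount++; }
static void obj_put(struct obj *o) { if (--o->refcount == 0) { *o->freed = 1; free(o); } }

/* Take the reference when queueing, so the queued item owns one. */
static int queue_obj_work(struct obj *o)
{
    struct work *w = malloc(sizeof(*w));
    if (!w) return -1;
    obj_get(o);
    w->o = o; w->next = pending; pending = w;
    return 0;
}

/* Run queued items; each drops the reference taken at queue time. */
static int run_pending(void)
{
    int n = 0;
    for (struct work *w; (w = pending) != NULL; n++) {
        pending = w->next;
        obj_put(w->o);                  /* object stayed valid up to this put */
        free(w);
    }
    return n;
}

/* Returns 1 if the object outlived the owner's put and was freed by the work. */
static int demo(void)
{
    int freed = 0;
    struct obj *o = obj_new(&freed);
    if (!o) return -1;
    if (queue_obj_work(o)) { obj_put(o); return -1; }
    obj_put(o);                         /* owner drops its reference first */
    int alive_while_queued = !freed;
    return alive_while_queued && run_pending() == 1 && freed;
}

int main(void) { printf("lifetime ok: %d\n", demo()); return 0; }
```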