On Tue, Jul 26, 2016 at 04:28:21PM +0200, ggar...@abra.uab.cat wrote: > @@ -493,6 +524,9 @@ static int vhost_vsock_dev_open(struct inode *inode, > struct file *file) > goto out; > } > > + setup_timer(&vsock->tx_kick, > + vhost_vsock_rehandle_tx_kick, (unsigned long) NULL); > + > vqs[VSOCK_VQ_TX] = &vsock->vqs[VSOCK_VQ_TX]; > vqs[VSOCK_VQ_RX] = &vsock->vqs[VSOCK_VQ_RX]; > vsock->vqs[VSOCK_VQ_TX].handle_kick = vhost_vsock_handle_tx_kick; > @@ -555,6 +589,7 @@ static int vhost_vsock_dev_release(struct inode *inode, > struct file *file) > vhost_dev_stop(&vsock->dev); > vhost_dev_cleanup(&vsock->dev, false); > kfree(vsock->dev.vqs); > + del_timer(&vsock->tx_kick);
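Review bot: In the vhost_vsock_dev_open() hunk, setup_timer() is given `(unsigned long) NULL` as the data argument, so vhost_vsock_rehandle_tx_kick() receives no pointer to the vhost_vsock it is supposed to kick; if the callback needs the device (which it must, to reach the TX vq), pass `(unsigned long) vsock` here, or add a comment explaining how the callback locates its vhost_vsock without it.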
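Review bot: In the vhost_vsock_dev_release() hunk, `del_timer(&vsock->tx_kick)` is placed after vhost_dev_stop(), vhost_dev_cleanup() and `kfree(vsock->dev.vqs)`, so a timer that fires during release can run its callback against a vq that has already been cleaned up and freed, and plain del_timer() does not wait for a callback already in flight. Move the call before vhost_dev_stop() and use del_timer_sync() so the callback is guaranteed finished while the vqs are still valid.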
Please use del_timer_sync() so that we know the timer callback has finished executing if it's racing with us. Also please figure out the correct ordering of this call so vhost_poll_queue() doesn't crash if the timer fires while we are executing vhost_vsock_dev_release(). In other words, vq and vq->poll must still be alive when we delete the timer, otherwise the callback could fire and run on a vq that has already been cleaned up by vhost_vsock_dev_release().