Jens--

I think it's a race condition-- the individual closures remain valid. It's
just that the list element has different meanings-- it's either a list
actively being used to wake, or a linkage on one of several lists that is
being used to await wake. If a closure goes back to wait very quickly after
being woken, it can end up connecting its new wait-list with the being-woken
list.

Mike

On Wed, Sep 27, 2017 at 1:27 PM, Jens Axboe <axboe@xxxxxxxxx> wrote:
> On 09/27/2017 09:16 PM, Coly Li wrote:
>> Hi Jens,
>>
>> Could you please take a look on this patch? It will be helpful if we can
>> have it in 4.14, then we can fix a bug introduced in 4.14-rc1.
>>
>> This patch is reported by Michael Lyle, reviewed by Byungchul Park, and
>> finally verified by Michael Lyle after I posted the patch.
>
> It looks fine to me, I'll get it queued up. BTW, it's technically
> a use-after-free bug, not a race condition.
>
> --
> Jens Axboe
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bcache" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
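
The list-element reuse described in the message above, as an added example that is not code from the patch, from bcache, or from anyone in this thread: a single-threaded C model in which a woken waiter immediately waits on a second list. All names (`waiter`, `wait_on`, `wake_all`, `scenario`) and the scenario are assumptions made for illustration; the walk that reads the link after the wake crosses onto the second list, and the walk that saves the link first stays on the detached one.

```c
#include <stdio.h>

/* Hypothetical model, not bcache code: one embedded link per waiter, used
 * both while queued to wait and while the waker walks a detached list. */
struct waiter {
    struct waiter *next;
    struct waiter **rewait;   /* list to wait on again once woken, or NULL */
    int wakeups;
};

static void wait_on(struct waiter **list, struct waiter *w)
{
    w->next = *list;          /* rewrites the shared link */
    *list = w;
}

static void wake(struct waiter *w)
{
    struct waiter **again = w->rewait;
    w->wakeups++;
    w->rewait = NULL;
    if (again)
        wait_on(again, w);    /* goes back to wait immediately */
}

/* Detach the list and wake each entry. safe == 0 reads the link after
 * wake(), so a fast re-wait redirects the walk onto another list. */
static void wake_all(struct waiter **list, int safe)
{
    struct waiter *w = *list, *next;
    *list = NULL;
    for (; w; w = next) {
        if (safe) { next = w->next; wake(w); }
        else      { wake(w); next = w->next; }
    }
}

/* Constructed scenario: A, B, C wait on q1; D waits on q2; A re-waits on q2. */
void scenario(int safe, int wakeups[4])
{
    struct waiter a = {0}, b = {0}, c = {0}, d = {0};
    struct waiter *q1 = NULL, *q2 = NULL;
    wait_on(&q1, &c); wait_on(&q1, &b); wait_on(&q1, &a);  /* q1: A -> B -> C */
    wait_on(&q2, &d);                                      /* q2: D */
    a.rewait = &q2;
    wake_all(&q1, safe);
    wakeups[0] = a.wakeups; wakeups[1] = b.wakeups;
    wakeups[2] = c.wakeups; wakeups[3] = d.wakeups;
}
int main(void) { int r[4]; scenario(0, r); printf("%d %d %d %d\n", r[0], r[1], r[2], r[3]); return 0; }
```

With `safe == 0`, B and C are never woken and D is woken although nobody woke q2; in the kernel the entry reached this way may additionally have been freed, which this model does not simulate.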