On Tue, Apr 14, 2020 at 04:19:00AM +0000, Luis Chamberlain wrote: > Ensure that the request_queue is refcounted during its full > ioctl cycle. This avoids possible races against removal, given > blk_get_queue() also checks to ensure the queue is not dying. > > This small race is possible if you defer removal of the request_queue > and userspace fires off an ioctl for the device in the meantime. Hmm, where exactly does the race come in so that it can only happen after where you take the reference, but not before it? I'm probably missing something, but that just means it needs to be explained a little better :)
