And we've already seen this, even without this change - e.g. the target was
2/3's torn down when we created a new one....
what this really sounds like then is that we need to stop the teardown and
reuse the structure - or - figure out a way to make the kobj teardown happen
sooner so that we reuse the namespace (or disconnect the namespace and the
structures).
-- james
James Bottomley wrote:
On Thu, 2006-06-15 at 12:55 -0400, James Smart wrote:
When reaping the starget, after all sdev's have been removed, the starget
was queued for deletion via usercontext, but was left on the shost's
__targets list. Another scanning thread can match the starget and use it,
causing reference after free problems.
This patch unlinks the starget at the same time it is scheduled for deletion.
This cannot be done this way. The problem it will introduce is that
we'll think the target has gone and possibly reallocate its name before
device_del is called on it (which means if the new device gets added, it
will return -EEXIST and everything will go wrong).
Where is the actual reference coming from ... perhaps the using place
should simply be checking the state.
James
-
: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
