On Fri, 2019-04-26 at 17:11 +-0200, Christoph Hellwig wrote: +AD4 On Thu, Apr 25, 2019 at 09:00:31AM +-0800, Ming Lei wrote: +AD4 +AD4 The issue is driver(NVMe) specific, the race window is just between +AD4 +AD4 between blk+AF8-cleanup+AF8-queue() and removing the ns from the controller namspace +AD4 +AD4 list in nvme+AF8-ns+AF8-remove() +AD4 +AD4 And I wouldn't be surprised if others have the same issue. +AD4 +AD4 +AD4 +AD4 +AD4 blk+AF8-mq+AF8-init+AF8-queue() does hold one refcount, and its counter-part is +AD4 +AD4 blk+AF8-cleanup+AF8-queue(). +AD4 +AD4 +AD4 +AD4 It is simply ugly to ask blk+AF8-mq+AF8-init+AF8-queue() to grab a refcnt for driver, +AD4 +AD4 then who is the counter-part for releasing the extra refcount? +AD4 +AD4 Well, the problem is exactly that blk+AF8-cleanup+AF8-queue drops the reference. +AD4 If move the blk+AF8-put+AF8-queue() call from the end of it to the callers the +AD4 callers can keep the reference as long as they need them, and we wouldn't +AD4 need an extra reference. Hi Christoph, There are more than hundred callers of blk+AF8-cleanup+AF8-queue() so that change would cause a lot of churn. Since blk+AF8-get+AF8-queue() and blk+AF8-put+AF8-queue() are available, how inserting a pair of calls to these functions where necessary? Thanks, Bart.
