> I'm afraid that without the second half of that patch the following race > is still possible: > - sdev reference count drops to zero while scsi_run_queue() is in > progress and while that sdev is on the starved_list of its SCSI host; > scsi_device_dev_release_usercontext() call is scheduled but not yet > executed. > - scsi_run_queue() takes that sdev off the local starved_list. > - scsi_run_queue() calls get_device() and that call fails since the > sdev reference count is zero. > - scsi_device_dev_release_usercontext() gets scheduled and frees the > sdev. > - scsi_run_queue() proceeds and calls __blk_run_queue() on a freed > queue, which is what we were trying to avoid. Thank you for the explanation. It look correct. Let's check one more thing. What If __scsi_remove_device doesn't release device? : reference count is more than 2. So We lost starved_list but device is exist. Is there any issue about this? Chanho, -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
