I was considering the following scenario wherein the "if
(scsi_device_created(sdev))" test at the end would test garbage at
best (or unmapped data):
if (!(sdev = scsi_device_lookup_by_target(starget, 0))) { // not found
sdev = scsi_alloc_sdev(starget, 0, NULL); // -> ref cnt = 2
...
if (scsi_device_get(sdev)) { // -> ref cnt = 3
...
}
...
}
...
res = scsi_probe_and_add_lun(starget, // ->
ref cnt = 1
...
scsi_device_put(sdev); // -> reclaimed
if (scsi_device_created(sdev)) // test on garbage or unmapped data (#PF)
...
On Tue, Nov 12, 2013 at 5:57 PM, James Bottomley
<James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> On Tue, 2013-11-12 at 17:10 -0800, David Decotigny wrote:
>> This patch avoids to use an object after it was potentially reclaimed
>> by scsi_device_put().
>
> The analysis is wrong, I'm afraid. __scsi_remove_device() does the
> final put for devices that are being destroyed. If the device isn't in
> the created state, then it's long lived and nothing in the report lun
> scan does the final put.
>
> James
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
