On Fri, 2014-03-07 at 10:22 -0800, Christoph Hellwig wrote:
> On Fri, Mar 07, 2014 at 10:12:09AM -0800, Andy Grover wrote:
> > >I can't see how the synchronization can work without refcounting the lun
> > >structure. The lock just protects the assignment, but you free it
> > >right after. What happens to who just dereferenced it under the lock
> > >but then uses it outside (e.g. core_dev_add_initiator_node_lun_acl).
> >
> > Well you're right, but this is one instance of a larger lio
> > locking/refcounting hairball. This will be addressed in a separate
> > patch series.
>
> I don't think that's true. Before your series we might be accessing a
> lun structure that was marked as not active just before, but now the
> race becomes a genuine use after free.
>

FYI, since v3.13 code se_lun is using percpu refcounting with commit
5277797d..

--nab
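
The lifetime rule argued over in this thread, as an added user-space example that is not part of the original message and is not kernel code: a lock that only guards the pointer assignment is not enough, so the reader takes a reference while still holding the lock and the object is freed only by the last holder. It uses a plain C11 atomic counter in place of the kernel's percpu refcounting, and `struct lun`, `lun_add`, `lun_get`, `lun_put` and `lun_remove` are hypothetical names.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical stand-in for a LUN object; not the kernel's struct se_lun. */
struct lun {
    atomic_int refs;   /* plain atomic counter, not the kernel's percpu_ref */
    int id;
};

static atomic_flag slot_lock = ATOMIC_FLAG_INIT; /* guards `slot` only */
static struct lun *slot;                         /* published pointer */
static atomic_int frees;                         /* counts real frees, for the demo */

static void lock(void)   { while (atomic_flag_test_and_set(&slot_lock)) { } }
static void unlock(void) { atomic_flag_clear(&slot_lock); }

/* Drop one reference; only the last holder frees the object. */
static void lun_put(struct lun *l)
{
    if (atomic_fetch_sub(&l->refs, 1) == 1) {
        free(l);
        atomic_fetch_add(&frees, 1);
    }
}

/* Publish a new object into an empty slot; the slot owns one reference. */
static int lun_add(int id)
{
    struct lun *l = malloc(sizeof(*l));
    if (!l) return -1;
    atomic_init(&l->refs, 1);
    l->id = id;
    lock(); slot = l; unlock();
    return 0;
}

/* Take the reference while still under the lock, so the pointer stays
 * valid after unlock. Returns NULL if nothing is published. */
static struct lun *lun_get(void)
{
    lock();
    struct lun *l = slot;
    if (l) atomic_fetch_add(&l->refs, 1);
    unlock();
    return l;
}

/* Unpublish under the lock, then drop the slot's reference outside it. */
static void lun_remove(void)
{
    lock(); struct lun *l = slot; slot = NULL; unlock();
    if (l) lun_put(l);
}
```

Without the `atomic_fetch_add` in `lun_get`, `lun_remove` would free the object while the caller still holds the pointer, which is the use after free described in the thread.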