On Wed, Apr 20, 2016 at 03:03:12PM -0400, James Bottomley wrote:
> On Wed, 2016-04-20 at 15:24 +0200, Hannes Reinecke wrote:
> > When pushing items on a workqueue we cannot take reference
> > when the workqueue item is executed, as the structure might
> > already have been freed at that time.
> > So instead we need to take a reference before adding it
> > to the workqueue, thereby ensuring that the workqueue item
> > will always be valid.
>
> Have you actually seen this happen? The rdata structure is fully ref
> counted, so if it's done a final put, then something should see
> unreferenced memory. It looks like the model is that the final put is
> done from the queue, so I don't quite see how you can lose the final
> reference in either of the places you alter.
>

I _think_ I have seen this, however I'm not 100% certain. What I can say is,
I have crash dumps of lpfc, fnic and bnx2fc with either no longer valid
pointers (use after free) or overwritten pointers (one has ASCII 'O' 'W' 'N'
written to it), but I never have had a chance to reproduce them in a test
environment.

It's even possible that these are all totally unrelated issues, again, I'm not
certain at all.

Byte,
Johannes
--
Johannes Thumshirn                                          Storage
jthumshirn@xxxxxxx                                +49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850
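The reference-before-queue pattern from the quoted patch description, as an added user-space C model that is not part of the thread and is not libfc code. `struct rport`, the queue helpers and the `released` flag (set in place of freeing the object) are hypothetical names chosen for illustration.

```c
#include <stddef.h>
struct work { void (*fn)(struct work *); struct work *next; };
struct rport {                 /* hypothetical refcounted object */
    int refs, released, handled, stale_runs; struct work w;
};
#define to_rport(p) ((struct rport *)((char *)(p) - offsetof(struct rport, w)))
static struct work *queue_head;

static void rport_get(struct rport *r) { r->refs++; }
/* The model marks the object released instead of freeing it, so the
 * demo can observe a stale access without undefined behaviour. */
static void rport_put(struct rport *r) { if (--r->refs == 0) r->released = 1; }
static void queue_work_model(struct work *w) { w->next = queue_head; queue_head = w; }
static void run_queue(void) {
    for (struct work *w; (w = queue_head); ) { queue_head = w->next; w->fn(w); }
}

/* Pattern the patch description warns about: reference taken only at execution. */
static void work_ref_in_handler(struct work *w) {
    struct rport *r = to_rport(w);
    if (r->released) { r->stale_runs++; return; }  /* in a kernel: use after free */
    rport_get(r); r->handled++; rport_put(r);
}
/* Pattern the patch description proposes: the submitter already holds a reference. */
static void work_ref_held(struct work *w) {
    struct rport *r = to_rport(w);
    if (r->released) { r->stale_runs++; return; }
    r->handled++;
    rport_put(r);                                  /* drop the queue-time reference */
}

int demo_ref_in_handler(void) {
    static struct rport r;
    r = (struct rport){ .refs = 1, .w = { .fn = work_ref_in_handler } };
    queue_work_model(&r.w);    /* no reference taken for the queued work */
    rport_put(&r);             /* owner's final put happens before the work runs */
    run_queue();
    return r.stale_runs;       /* counts work items that ran on a released object */
}

int demo_ref_before_queue(void) {
    static struct rport r;
    r = (struct rport){ .refs = 1, .w = { .fn = work_ref_held } };
    rport_get(&r);             /* reference taken before queueing */
    queue_work_model(&r.w);
    rport_put(&r);             /* owner's put no longer releases the object */
    run_queue();
    return r.handled == 1 && r.stale_runs == 0 && r.released == 1;
}
```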