Re: Fix the reproducible oops in scsi

From: OGAWA Hirofumi
Date: Wed Jan 10 2007 - 13:29:48 EST

Next message: Roland Dreier: "Re: [kvm-devel] guest crash on 2.6.20-rc4"
Previous message: Stefan Richter: "Re: macros: "do-while" versus "({ })" and a compile-time error"
In reply to: James Smart: "Re: Fix the reproducible oops in scsi"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

James Smart <James.Smart@xxxxxxxxxx> writes:

> I don't believe this is a valid fix. This is yet another case
> of the reuse-after-free issues on sdevs. The real issue is the
> deleted sdev isn't truly getting deleted due to references, and
> we're deadlocked trying to allocate a new one while the old one
> is outstanding. This fix just jumps over things. You're actually
> using a partially torn down sdev that, if the refcounts ever
> decremented, would be zapped - and you would be in a bunch of trouble.

I see. Can you explain more about reuse-after-free issue on sdevs? Is
there any test case or any info? Or is there any plan to fix it?
--
OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Roland Dreier: "Re: [kvm-devel] guest crash on 2.6.20-rc4"
Previous message: Stefan Richter: "Re: macros: "do-while" versus "({ })" and a compile-time error"
In reply to: James Smart: "Re: Fix the reproducible oops in scsi"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]