[PATCH] Bsg referencing parent device

From: Anatoliy Glagolev
Date: Wed May 16 2018 - 20:29:54 EST


A follow-up on earlier discussions:
[PATCH] bsg referencing bus driver module
https://www.spinics.net/lists/linux-scsi/msg119631.html
[PATCH] Waiting for scsi_host_template release
https://www.spinics.net/lists/linux-scsi/msg119432.html

All these discussions are attempts to fix a crash after
SCSI transport driver unload if a user-mode process
holds a handle in the BSG layer towards the unloaded driver
via the SCSI mid-layer:

[16834.636216,07] Call Trace:
... scsi_proc_hostdir_rm
[16834.641944,07] [<ffffffff8141723f>] scsi_host_dev_release+0x3f/0x130
[16834.647740,07] [<ffffffff813e4f82>] device_release+0x32/0xa0
[16834.653423,07] [<ffffffff812dc6c7>] kobject_cleanup+0x77/0x190
[16834.659002,07] [<ffffffff812dc585>] kobject_put+0x25/0x50
[16834.664430,07] [<ffffffff813e5277>] put_device+0x17/0x20
[16834.669740,07] [<ffffffff812d0334>] bsg_kref_release_function+0x24/0x30
[16834.675007,07] [<ffffffff812d14a6>] bsg_release+0x166/0x1d0
[16834.680148,07] [<ffffffff8119ba2b>] __fput+0xcb/0x1d0
[16834.685156,07] [<ffffffff8119bb6e>] ____fput+0xe/0x10
[16834.690017,07] [<ffffffff81077476>] task_work_run+0x86/0xb0
[16834.694781,07] [<ffffffff81057043>] exit_to_usermode_loop+0x6b/0x9a
[16834.699466,07] [<ffffffff81002875>] syscall_return_slowpath+0x55/0x60
[16834.704110,07] [<ffffffff8172d615>] int_ret_from_sys_call+0x25/0x9f

The latest input from earlier discussions was to cut off access
to the unloaded driver at bsg_unregister_queue time by calling
blk_cleanup_queue. If we do that, we still have to release
the reference to the parent device (otherwise we crash with
the same stack). The next logical step is, rather than maintaining
a "part-time" reference to be dropped early, to discard
referencing completely.
Discarding the reference turns out to be the only thing needed
to fix the problem: all transport drivers already do blk_cleanup_queue
before releasing their reference to the parent device.
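An added illustration, not part of this patch or of the kernel's bsg code: a small user-space C model of the ownership rule the message argues for. A refcounted "host" whose release routine lives in a driver module's text, a request queue that can be marked dead (the modelled blk_cleanup_queue), and a bsg file handle that either does or does not pin the parent device. Names such as host_model, queue_model, bsg_handle and transport_unload are hypothetical stand-ins; the crash is modelled as "the final put ran release code after the owning module was unloaded" rather than as a real fault.

```c
/* Added example (not kernel code): models why bsg must not hold a
 * reference to the parent device across transport driver unload.
 * All struct and function names below are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct module_text { int unloaded; };   /* stand-in for a driver .ko */

struct host_model {
    int refcnt;
    struct module_text *owner;          /* module whose code runs at final put */
};

struct queue_model {
    int dead;                           /* set by the modelled blk_cleanup_queue */
    struct host_model *parent;          /* dereferenced only while !dead */
};

struct bsg_handle {
    struct queue_model *q;
    struct host_model *parent_ref;      /* non-NULL only in the pre-patch model */
};

static void host_get(struct host_model *h) { h->refcnt++; }

/* Returns 1 if the final put executed the release routine after its
 * owning module was unloaded (the modelled crash), 0 otherwise. */
static int host_put(struct host_model *h)
{
    int faulted;
    if (--h->refcnt)
        return 0;
    faulted = h->owner->unloaded;       /* release runs in owner's text */
    free(h);
    return faulted;
}

static struct host_model *host_alloc(struct module_text *owner)
{
    struct host_model *h = calloc(1, sizeof *h);
    h->refcnt = 1;                      /* the driver's own reference */
    h->owner = owner;
    return h;
}

static struct queue_model *queue_alloc(struct host_model *parent)
{
    struct queue_model *q = calloc(1, sizeof *q);
    q->parent = parent;
    return q;
}

/* Modelled bsg open: pre-patch behaviour pins the parent, post-patch does not. */
static struct bsg_handle *bsg_open(struct queue_model *q, int take_parent_ref)
{
    struct bsg_handle *f = calloc(1, sizeof *f);
    f->q = q;
    if (take_parent_ref) {
        host_get(q->parent);
        f->parent_ref = q->parent;
    }
    return f;
}

/* Modelled bsg ioctl: a dead queue is refused before the parent is touched. */
static int bsg_ioctl(struct bsg_handle *f)
{
    if (f->q->dead)
        return -ENODEV;
    return f->q->parent->refcnt > 0 ? 0 : -EIO;
}

static int bsg_release(struct bsg_handle *f)
{
    int faulted = 0;
    if (f->parent_ref)
        faulted = host_put(f->parent_ref);   /* the put in the posted stack */
    free(f->q);
    free(f);
    return faulted;
}

/* Modelled transport unload: queue cleanup first, then the driver's put,
 * then the module text goes away. */
static int transport_unload(struct queue_model *q, struct host_model *h,
                            struct module_text *m)
{
    int faulted;
    q->dead = 1;
    faulted = host_put(h);
    m->unloaded = 1;
    return faulted;
}

/* Whole sequence with a user-mode handle open across the unload.
 * Returns 1 if any put ran release code in unloaded text, 0 if clean,
 * -1 if the dead queue was not refused (a model error). */
int run_scenario(int bsg_holds_parent_ref)
{
    struct module_text m = { 0 };
    struct host_model *h = host_alloc(&m);
    struct queue_model *q = queue_alloc(h);
    struct bsg_handle *f = bsg_open(q, bsg_holds_parent_ref);
    int faulted = transport_unload(q, h, &m);
    if (bsg_ioctl(f) != -ENODEV)
        return -1;
    faulted |= bsg_release(f);
    return faulted;
}

int main(void)
{
    printf("bsg pins parent: fault=%d\n", run_scenario(1));
    printf("bsg holds no ref: fault=%d\n", run_scenario(0));
    return 0;
}
```

With the handle pinning the parent, the driver's own put at unload leaves the refcount at one, so the final put happens in bsg_release after the module is gone, which is the shape of the posted trace. Without the reference, the host is released while the driver is still loaded, and the only thing the stale handle can reach is a queue already marked dead, so later ioctls fail with -ENODEV instead of dereferencing the parent. The model deliberately ignores kobject and request-queue refcounting details; it only shows the ownership argument.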