From: Christoph Hellwig <hch@lst.de>
To: Junichi Nomura <j-nomura@ce.jp.nec.com>
Cc: linux-scsi <linux-scsi@vger.kernel.org>,
Christoph Hellwig <hch@lst.de>, Hannes Reinecke <hare@suse.de>
Subject: Re: [REGRESSION v4.3] scsi_dh: use-after-free when removing scsi device
Date: Wed, 30 Sep 2015 17:18:57 +0200 [thread overview]
Message-ID: <20150930151857.GA26594@lst.de> (raw)
In-Reply-To: <20150930003549.GA4857@xzibit.linux.bs1.fc.nec.co.jp>
On Wed, Sep 30, 2015 at 12:35:50AM +0000, Junichi Nomura wrote:
> With v4.3-rc3, stress testing of SCSI device addition/removal quickly
> trigger random crash in memory allocator (e.g. __kmalloc). I found that
> a commit 086b91d052eb ("scsi_dh: integrate into the core SCSI code")
> moved the call of scsi_dh->detach() to very early part of sdev tear down
> process (scsi_remove_device()). As a result, related data structure such
> as alua_dh_data can be freed while rtpg/stpg are still in-flight.
Hi Junichi,
the code should have been called from that early in the process before,
as it was called from the bus notifier that was called first in device_del.
While something in this series obviously caused the regression are you
sure it's exactly this patch?
next prev parent reply other threads:[~2015-09-30 15:19 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-30 0:35 [REGRESSION v4.3] scsi_dh: use-after-free when removing scsi device Junichi Nomura
2015-09-30 9:28 ` Hannes Reinecke
2015-09-30 10:35 ` Boaz Harrosh
2015-09-30 14:49 ` Hannes Reinecke
2015-09-30 15:18 ` Christoph Hellwig [this message]
2015-10-01 0:56 ` Junichi Nomura
2015-10-01 4:38 ` Junichi Nomura
2015-10-01 5:21 ` Christoph Hellwig
2015-10-01 11:40 ` Junichi Nomura
2015-10-04 7:42 ` Christoph Hellwig
2015-10-07 5:55 ` Junichi Nomura
2015-10-04 7:43 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150930151857.GA26594@lst.de \
--to=hch@lst.de \
--cc=hare@suse.de \
--cc=j-nomura@ce.jp.nec.com \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).