On Fri, Mar 07, 2014 at 10:12:09AM -0800, Andy Grover wrote:
> >I can't see how the synchronization can work without refcounting the lun
> >structure.  The lock just protects the assignment, but you free it
> >right after.  What happens to who just dereferenced it under the lock
> >but then uses it outside (e.g. core_dev_add_initiator_node_lun_acl).
> 
> Well you're right, but this is one instance of a larger lio
> locking/refcounting hairball. This will be addressed in a separate
> patch series.

I don't think that's true. Before your series we might be accessing a
lun structure that was marked as not active just before, but now the
race becomes a genuine use after free.

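The race discussed in this thread, as an added example that is not part of the thread or of the LIO code: a userspace C model in which a lookup takes a reference while the lock is held, so the structure survives a concurrent removal until the last user drops it. All names (`struct lun`, `slot`, `lun_get`, `lun_put`, `lun_remove`) are hypothetical and chosen for illustration only.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Userspace model with hypothetical names; not LIO code. */
struct lun { atomic_int refs; int id; };
static pthread_mutex_t slot_lock = PTHREAD_MUTEX_INITIALIZER;
static struct lun *slot;      /* protected by slot_lock */
static atomic_int luns_freed; /* instrumentation for this example only */

void lun_put(struct lun *l)
{
    /* fetch_sub returns the old count: 1 means this was the last reference */
    if (atomic_fetch_sub(&l->refs, 1) == 1) {
        free(l);
        atomic_fetch_add(&luns_freed, 1);
    }
}

/* Publish new_lun (or NULL) and drop the slot's reference on the old one. */
static void slot_swap(struct lun *new_lun)
{
    pthread_mutex_lock(&slot_lock);
    struct lun *old = slot;
    slot = new_lun;
    pthread_mutex_unlock(&slot_lock);
    if (old) lun_put(old); /* never a bare free(): users may still hold refs */
}

int lun_add(int id)
{
    struct lun *l = malloc(sizeof(*l));
    if (!l) return -1;
    atomic_init(&l->refs, 1); /* the slot's own reference */
    l->id = id;
    slot_swap(l);
    return 0;
}

void lun_remove(void) { slot_swap(NULL); }

struct lun *lun_get(void)
{
    pthread_mutex_lock(&slot_lock);
    struct lun *l = slot;
    if (l) atomic_fetch_add(&l->refs, 1); /* slot still pins l under the lock */
    pthread_mutex_unlock(&slot_lock);
    return l; /* usable after unlock; caller must lun_put() when done */
}
```

If `slot_swap()` called `free(old)` directly, a caller that obtained the pointer under the lock and used it afterwards would touch freed memory, which is the use after free described above.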