[PATCH] nvme-pci: avoid dereference of symbol from unloaded module

Christoph Hellwig hch at infradead.org
Wed Nov 8 10:15:31 PST 2017


On Thu, Nov 02, 2017 at 08:29:27PM +0800, Ming Lei wrote:
> On Thu, Nov 02, 2017 at 02:10:16PM +0200, Sagi Grimberg wrote:
> > 
> > > The 'remove_work' may be scheduled to run after nvme_remove()
> > > returns since we can't simply cancel it in nvme_remove() for
> > > avoiding deadlock. Once nvme_remove() returns, this module (nvme)
> > > can be unloaded.
> > > 
> > > On the other hand, nvme_put_ctrl() calls ctr->ops->free_ctrl
> > > which may point to nvme_pci_free_ctrl() in unloaded module.
> > > 
> > > This patch avoids this issue by holding the module refcount before
> > > scheduling 'remove_work'.
> > 
> > Why not simply flushing all scheduled works in module exit?
> 
> The nvme_wq is shared by all kinds of hosts (PCI, FC, ...), so
> not good to flush all queued work in 'nvme_wq' just before
> removing pci host module only.
> 
> Not to mention 'remove_work' is actually scheduled by system wq
> instead of nvme_wq.

Still seems better than messing with module reference counts.
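The race the patch description lays out, as an added user-space model that is neither the kernel's code nor the patch under discussion: a deferred work item is queued, the driver's remove path returns, rmmod runs, and only then does the work execute and reach ops->free_ctrl. The model reduces the module to a loaded flag, a reference count and an ops table; model_try_module_get(), model_module_put(), unload_module(), put_ctrl(), run_remove_work() and run_scenario() are the model's own names standing in for try_module_get(), module_put(), rmmod, nvme_put_ctrl() and the remove_work handler, and the constructed scenarios cover the unpinned case, the pinned case, and a pinned work item that never drops its reference.

```c
#include <stdbool.h>
#include <stdio.h>

/* Outcome of one "schedule remove_work, rmmod, then run the work" sequence. */
enum outcome {
    OUTCOME_OK,               /* work ran with the module loaded; unload then succeeded */
    OUTCOME_USE_AFTER_UNLOAD, /* work dereferenced ops owned by an unloaded module */
    OUTCOME_REF_LEAKED        /* work never dropped its reference; rmmod stays -EBUSY */
};

/* Stand-in for the ops table that lives in the pci host module's text. */
struct ctrl_ops {
    void (*free_ctrl)(void *ctrl);
};

/* The modelled module: a loaded flag plus the count try_module_get()/module_put()
 * adjust. Clearing the flag stands in for rmmod freeing the module text. */
static bool module_loaded;
static int module_refcount;
static int free_ctrl_calls;

static void pci_free_ctrl(void *ctrl) { (void)ctrl; free_ctrl_calls++; }
static const struct ctrl_ops pci_ctrl_ops = { .free_ctrl = pci_free_ctrl };

static void load_module(void) { module_loaded = true; module_refcount = 0; free_ctrl_calls = 0; }

static bool model_try_module_get(void)   /* like try_module_get(): fails once the module is gone */
{
    if (!module_loaded)
        return false;
    module_refcount++;
    return true;
}

static void model_module_put(void) { module_refcount--; }

static bool unload_module(void)          /* like rmmod: refused while references are held */
{
    if (module_refcount > 0)
        return false;
    module_loaded = false;
    return true;
}

struct ctrl {
    const struct ctrl_ops *ops;
    bool remove_work_holds_ref;
};

/* nvme_put_ctrl() stand-in: the final put reaches ops->free_ctrl. In the kernel
 * that is a jump into freed text if the owner is unloaded; the model reports it. */
static bool put_ctrl(struct ctrl *c)
{
    if (!module_loaded)
        return false;
    c->ops->free_ctrl(c);
    return true;
}

/* Scheduling side: the reference is taken *before* queueing the work, so rmmod
 * cannot slip in between schedule_work() and the work actually running. */
static void remove_dead_ctrl(struct ctrl *c, bool pin_module)
{
    c->remove_work_holds_ref = pin_module && model_try_module_get();
    /* schedule_work(&remove_work) would go here */
}

/* remove_work body: the put must come after the last dereference of module memory. */
static bool run_remove_work(struct ctrl *c, bool drop_ref)
{
    bool ok = put_ctrl(c);
    if (c->remove_work_holds_ref && drop_ref)
        model_module_put();
    return ok;
}

/* pin_module: hold a module reference across the deferred work (the patch's approach).
 * drop_ref: whether the work releases it; false shows the leak failure mode. */
enum outcome run_scenario(bool pin_module, bool drop_ref)
{
    struct ctrl c = { .ops = &pci_ctrl_ops };
    bool unloaded_early;

    load_module();
    remove_dead_ctrl(&c, pin_module);
    unloaded_early = unload_module();   /* nvme_remove() has returned; rmmod races the work */
    if (!run_remove_work(&c, drop_ref))
        return OUTCOME_USE_AFTER_UNLOAD;
    if (!unloaded_early && !unload_module())
        return OUTCOME_REF_LEAKED;
    return OUTCOME_OK;
}

int free_ctrl_count(void) { return free_ctrl_calls; }

int main(void)
{
    static const char *const names[] = { "ok", "free_ctrl after unload", "module ref leaked" };
    printf("no module ref:         %s\n", names[run_scenario(false, true)]);
    printf("ref taken and dropped: %s\n", names[run_scenario(true, true)]);
    printf("ref taken, never put:  %s\n", names[run_scenario(true, false)]);
    return 0;
}
```

The two orderings the model isolates are the ones a reviewer checks in a change like this: the get happens before the work is queued, and the put happens after the work's last touch of module memory. Taking the reference but never dropping it turns the bug into a module that can never be unloaded, which is why the put belongs at the tail of the work handler. Christoph's alternative, flushing pending work in module exit, would correspond here to unload_module() running any queued remove_work before clearing module_loaded; Ming Lei's objection above is that the work lives on the system workqueue rather than one the pci module owns. The model does not cover the window between the put and the work function returning out of module text.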


