[PATCH] nvme-pci: avoid dereference of symbol from unloaded module

Ming Lei ming.lei at redhat.com
Wed Nov 8 17:13:54 PST 2017


On Wed, Nov 08, 2017 at 10:15:31AM -0800, Christoph Hellwig wrote:
> On Thu, Nov 02, 2017 at 08:29:27PM +0800, Ming Lei wrote:
> > On Thu, Nov 02, 2017 at 02:10:16PM +0200, Sagi Grimberg wrote:
> > > 
> > > > The 'remove_work' may be scheduled to run after nvme_remove()
> > > > returns since we can't simply cancel it in nvme_remove() for
> > > > avoiding deadlock. Once nvme_remove() returns, this module (nvme)
> > > > can be unloaded.
> > > > 
> > > > On the other hand, nvme_put_ctrl() calls ctrl->ops->free_ctrl
> > > > which may point to nvme_pci_free_ctrl() in the unloaded module.
> > > > 
> > > > This patch avoids this issue by holding the module refcount before
> > > > scheduling 'remove_work'.
> > > 
> > > Why not simply flush all scheduled works in module exit?
> > 
> > The nvme_wq is shared by all kinds of hosts (PCI, FC, ...), so
> > it is not good to flush all queued work in 'nvme_wq' just before
> > removing the pci host module only.
> > 
> > Not to mention 'remove_work' is actually scheduled by the system wq
> > instead of nvme_wq.
> 
> Still seems better than messing with module reference counts.

If 'remove_work' can be queued via 'nvme_wq', I think it is doable to
call flush_workqueue(nvme_wq) in nvme_exit() in drivers/nvme/host/pci.c.

Otherwise, it may not be a good idea to flush the global wq; please
see the comment on 'flush_scheduled_work()'.

-- 
Ming