[PATCH] nvme-fabrics: get ctrl reference in nvmf_dev_write
Christoph Hellwig
hch at lst.de
Tue Jul 12 19:18:31 PDT 2016
On Tue, Jul 12, 2016 at 03:38:42PM -0700, Ming Lin wrote:
> From: Ming Lin <ming.l at samsung.com>
>
> Below crash was triggered when shutting down a nvme host node
> via 'reboot' that has 1 target device attached.
>
> That's because nvmf_dev_release() put the ctrl reference, but
> we didn't get the reference in nvmf_dev_write().
>
> So the ctrl was freed in nvme_rdma_free_ctrl() before nvme_rdma_free_ring()
> was called.
The ->create_ctrl methods do a kref_init for the main refererence,
and a kref_get for the reference that nvmf_dev_release drops,
so I'm a bit confused how this case could happen. I think we'll need to
dig a bit deeper on what's actually happening here.
More information about the Linux-nvme
mailing list