[Open-FCoE] [PATCH 1/2] libfc: fixed race in fc_exch_rrq()

Mike Christie michaelc at cs.wisc.edu
Tue Sep 9 15:29:04 UTC 2008

Vasu Dev wrote:
> Removed storing of aborted_ep in rrq_ep since fc_exch_reset() can
> occur on rrq_ep before aborted_ep is stored, in that case rrq_ep
> will be a dangling reference and won't be good to store aborted_ep.
> Therefore storing aborted_ep had racing issue and also this race would
> have left aborted_ep un-freed if rrq_ep is freed before aborted_ep
> could be stored in rrq_ep.
> This patch removed storing of aborted_ep to fix this race and
> instead used aborted_ep from passed ep argument to rrq resp handler,
> so that rrq resp handler will certainly free the aborted_ep before
> rrq ep is freed.
> Also modified fc_exch_rrq() to finish sending rrq with exch lock
> held to prevent fc_exch_reset() running while rrq send is in progress.
> This will eliminate possibility of race with fc_exch_reset() and it
> does save extra exch locking and unlocking statements in
> fc_exch_rrq() error cases.

I swear there was a good reason for adding the aborted_ep field :) Maybe 
it was from when I was thinking about using del_timer_sync (this was 
before you were going to fix the locking). Oh well. The description and 
patch look good to me. Thanks.
