Commit f99d46d5 authored Apr 28, 2021 by Ziye Yang Committed by Tomasz Zawadzki May 11, 2021

bdev/aio: move disk free operation in spdk_io_device_unregister's call back



Recently, checked the spdk_io_device_unregister function,
it will have deferred free behaviour, and the io_device
will possibly be freed in put_io_channel function.

And this means that it is not safe to directly call:
    spdk_io_device_unregister (io_device, NULL);
    Then free io_device relately resource.

Because there will be channel to use the resources associated
with io_device. Then we will possibly cause a NULL pointer access.

I found this issue in bdev rbd module, and I think that the
same issue could happen in other modules. So it is better to put the
resource free function as the call back function.

Change-Id: Icc1f86d72b672faefb3b7f416030b818a8cf45ce
Signed-off-by: Ziye Yang <ziye.yang@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/7646


Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Community-CI: Broadcom CI
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>

parent 47c4304d

module/bdev/aio/bdev_aio.c

+14 −5

Original line number	Diff line number	Diff line
		@@ -246,10 +246,10 @@ bdev_aio_flush(struct file_disk fdisk, struct bdev_aio_task aio_task)
		}
		}

		static int
		bdev_aio_destruct(void *ctx)
		static void
		bdev_aio_destruct_cb(void *io_device)
		{
		struct file_disk *fdisk = ctx;
		struct file_disk *fdisk = io_device;
		int rc = 0;

		TAILQ_REMOVE(&g_aio_disk_head, fdisk, link);
		@@ -257,9 +257,18 @@ bdev_aio_destruct(void *ctx)
		if (rc < 0) {
		SPDK_ERRLOG("bdev_aio_close() failed\n");
		}
		spdk_io_device_unregister(fdisk, NULL);

		aio_free_disk(fdisk);
		return rc;
		}

		static int
		bdev_aio_destruct(void *ctx)
		{
		struct file_disk *fdisk = ctx;

		spdk_io_device_unregister(fdisk, bdev_aio_destruct_cb);

		return 0;
		}

		static int

Admin message