Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp5286597pxv;
        Wed, 28 Jul 2021 07:26:17 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJynXSZ6zkE7iF1jGIFznwU9w5i5I0ntzfiQD6BdQFRlA/qLzLpgcC321GrViFYGyuBGpYQB
X-Received: by 2002:a05:6638:14c1:: with SMTP id l1mr182178jak.97.1627482377039;
        Wed, 28 Jul 2021 07:26:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1627482377; cv=none;
        d=google.com; s=arc-20160816;
        b=cGNZPLL1/ymooWAK689V5sToeLInGduOIBp/ENsdrk0sLBFFn62J9/VFwzVV+XtuVT
         oWmIrOCl+8bIF7/gkG7T31qfs5xM7y7Hw9LT4nbfdShYv0wNg6X2TdHhgez//jou7fL3
         UjR7tBuFGBhvV6PZ+Yf9SIIX0zcXsCnLeoRwiBo2S75Q5hmXUyzKMmKZiLxNfTT957yl
         Tt3aV2XEewhAQHX3Aaah5Wjcj5IprYfBDtOJ01Ww/FW4M2cbAwedtwJ7zFGbx03LswPO
         MLQxq6QAVnz2BFbX5rZq4hIQ8/n7p+lh+UbGzSv9R7pyVqw5nGlCHyPHyefdYltSjt6B
         DrjA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to
         :mime-version:user-agent:date:message-id:from:references:to:subject;
        bh=KR/fWEOFUF4xjGRGt14htPuCmd8NnL//rVTOeSizBNs=;
        b=VFZIXjPGiGnmsmFmcPpBpEJoXVjxE79LK2HLUUnA6Q2n9PAkHe53d/s+npH7zRDo3V
         EWRzYEc7mKOOOl9vF86FBbQK1lr6wJGWCEU8VOQcXAPbzYxUUuXwY272t+uBa03wE6Fj
         ww0Yp1XfECo5wAbdkRzIgB70IvsIXDIfRvzI7hlverEWsIAxzJc9rS06DiC8QGGudEX0
         IsA35Uxr3j0XZxDP656J7e0TdGvvY/i4rXZRQWcRFiO2MWVxx+UniOeFZmmAYgEDtVGs
         HJaAkbOvIJYr4AIwCfkg/SY+AuB2iPCQSx1Cj/4uSNbygPVBQk7LvEG2ccjC0AF680Lk
         /+IQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id s22si70703iow.33.2021.07.28.07.26.05;
        Wed, 28 Jul 2021 07:26:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235478AbhG1OYN (ORCPT <rfc822;linux.whf@gmail.com> + 99 others);
        Wed, 28 Jul 2021 10:24:13 -0400
Received: from szxga01-in.huawei.com ([45.249.212.187]:7761 "EHLO
        szxga01-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235349AbhG1OYN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 28 Jul 2021 10:24:13 -0400
Received: from dggeme754-chm.china.huawei.com (unknown [172.30.72.55])
        by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4GZbNg5t9gzYfnm;
        Wed, 28 Jul 2021 22:18:11 +0800 (CST)
Received: from [10.174.178.185] (10.174.178.185) by
 dggeme754-chm.china.huawei.com (10.3.19.100) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.2176.2; Wed, 28 Jul 2021 22:24:07 +0800
Subject: Re: [PATH v2] scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach
To:     Bart Van Assche <bvanassche@acm.org>, <jejb@linux.ibm.com>,
        <martin.petersen@oracle.com>, <linux-scsi@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>
References: <20210113063103.2698953-1-yebin10@huawei.com>
 <a1113b04-e320-a12b-5a59-ec7479d5eec1@acm.org>
From:   yebin <yebin10@huawei.com>
Message-ID: <61016887.9000200@huawei.com>
Date:   Wed, 28 Jul 2021 22:24:07 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <a1113b04-e320-a12b-5a59-ec7479d5eec1@acm.org>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.174.178.185]
X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To
 dggeme754-chm.china.huawei.com (10.3.19.100)
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 2021/7/23 12:04, Bart Van Assche wrote:
> On 1/12/21 10:31 PM, Ye Bin wrote:
>>   	sdev->handler_data = NULL;
>> +	synchronize_rcu();
>>   	kfree(h);
> What is the purpose of the new synchronize_rcu() call?
Thanks for your reply.
Yes, I add new synchronize_rcu() call is to wait until *h is no longer 
in use. If free
"h" right now , mybe lead to UAF.
> If its purpose is
> to wait until *h is no longer in use, please use kfree_rcu() instead.
struct rdac_dh_data {
         struct list_head        node;
         .....
}
As rdac_dh_data.node type is "struct list_head", but  kfree_rcu the 
first parameter type is
"struct rcu_head". So we can only use synchronize_rcu() at here.
>
> Thanks,
>
> Bart.
> .
>