• I
    rbd: don't free rbd_dev outside of the release callback · dd5ac32d
    Ilya Dryomov 提交于
    struct rbd_device has struct device embedded in it, which means it's
    part of kobject universe and has an unpredictable life cycle.  Freeing
    its memory outside of the release callback is flawed, yet commits
    200a6a8b ("rbd: don't destroy rbd_dev in device release function")
    and 8ad42cd0 ("rbd: don't have device release destroy rbd_dev")
    moved rbd_dev_destroy() out to rbd_dev_image_release().
    
    This commit reverts most of that, the key points are:
    
    - rbd_dev->dev is initialized in rbd_dev_create(), making it possible
      to use rbd_dev_destroy() - which is just a put_device() - both before
      we register with device core and after.
    
    - rbd_dev_release() (the release callback) is the only place we
      kfree(rbd_dev).  It's also where we do module_put(), keeping the
      module unload race window as small as possible.
    
    - We pin the module in rbd_dev_create(), but only for mapping
      rbd_dev-s.  Moving image related stuff out of struct rbd_device into
      another struct which isn't tied with sysfs and device core is long
      overdue, but until that happens, this will keep rbd module refcount
      (which users can observe with lsmod) sane.
    
    Fixes: http://tracker.ceph.com/issues/12697
    
    Cc: Alex Elder <elder@linaro.org>
    Signed-off-by: NIlya Dryomov <idryomov@gmail.com>
    dd5ac32d
rbd.c 146.3 KB