rbd: don't free rbd_dev outside of the release callback
struct rbd_device has struct device embedded in it, which means it's
part of kobject universe and has an unpredictable life cycle. Freeing
its memory outside of the release callback is flawed, yet commits
200a6a8be5db ("rbd: don't destroy rbd_dev in device release function")
and
8ad42cd0c002 ("rbd: don't have device release destroy rbd_dev")
moved rbd_dev_destroy() out to rbd_dev_image_release().
This commit reverts most of that, the key points are:
- rbd_dev->dev is initialized in rbd_dev_create(), making it possible
to use rbd_dev_destroy() - which is just a put_device() - both before
we register with device core and after.
- rbd_dev_release() (the release callback) is the only place we
kfree(rbd_dev). It's also where we do module_put(), keeping the
module unload race window as small as possible.
- We pin the module in rbd_dev_create(), but only for mapping
rbd_dev-s. Moving image related stuff out of struct rbd_device into
another struct which isn't tied with sysfs and device core is long
overdue, but until that happens, this will keep rbd module refcount
(which users can observe with lsmod) sane.
Fixes: http://tracker.ceph.com/issues/12697
Cc: Alex Elder <elder@linaro.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
projects / linux-2.6-block.git / commit