[ENBD] Kernel oops (nbd-2.4.31) or failed connections
Anders Blomdell
anders.blomdell at control.lth.se
Wed May 19 08:41:59 MDT 2004
From previous mail (selected lines):
May 19 16:01:18 newsperry-01 kernel: ABD: enbd_open:1305 enbd_dev[0]=0
May 19 16:01:18 newsperry-01 kernel: ABD: enbd_open:1305 enbd_dev[0]=f7cca400
May 19 16:01:18 newsperry-01 kernel: ABD: enbd_ioctl:4556 enbd_dev[0]=f7cca400
May 19 16:01:18 newsperry-01 kernel: ABD: enbd_release:5326 enbd_dev[0]=f7cca400
May 19 16:01:18 newsperry-01 kernel: ABD: enbd_release:5417 enbd_dev[0]=f7cca400
My interpretation:
Two processes are doing the open (MT/SMP machine), and enbd_dev[X]->refcnt
is not properly protected in either enbd_open or enbd_release. Possible scenario:
enbd_open: enbd_open:
down(enbd_sem) down(enbd_sem) waiting...
enbd[0] = kmalloc(...)
up(enbd_sem)
down(enbd_sem) continued...
enbd_dev[0]->ref_cnt++
....
enbd_release:
enbd_dev[0]->ref_cnt--
if (enbd_dev[0]->ref_cnt <= 0) {
enbd_dev[0]->ref_cnt++
enbd_dev[0] = NULL;
}
My guess is that enbd_dev[0] gets tucked into some register, thereby making
the timing less strict (i.e. enbd_dev[0]->ref_cnt++ might involve assigning
new values to kfree'd memory).
BTW: The complexity of this driver is really stunning...
Regards
Anders
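
Added example, not part of the original mail and not ENBD code: a userspace C model of an open/release pair in which the slot lookup, the allocation and every reference count change happen under one lock, so a release cannot free the object between another opener's lookup and its ref_cnt++. The names slot_open, slot_release, slots[] and slots_lock are hypothetical, and a pthread mutex stands in for the kernel semaphore.

```c
#include <pthread.h>
#include <stdlib.h>

#define NSLOTS 4

struct dev { int ref_cnt; };

static struct dev *slots[NSLOTS];      /* hypothetical stand-in for enbd_dev[] */
static pthread_mutex_t slots_lock = PTHREAD_MUTEX_INITIALIZER;

/* Look up or allocate slot i and take a reference in ONE critical section,
 * so no releaser can free the object between the lookup and ref_cnt++. */
struct dev *slot_open(int i)
{
    struct dev *d;

    if (i < 0 || i >= NSLOTS)
        return NULL;
    pthread_mutex_lock(&slots_lock);
    d = slots[i];
    if (!d) {
        d = calloc(1, sizeof(*d));
        slots[i] = d;                  /* stays NULL if calloc failed */
    }
    if (d)
        d->ref_cnt++;
    pthread_mutex_unlock(&slots_lock);
    return d;                          /* pinned by the reference just taken */
}

/* Drop a reference. The decrement, the zero test, clearing the slot and the
 * free all run under the lock that slot_open() takes.
 * Returns the remaining count, or -1 if the slot is not open. */
int slot_release(int i)
{
    int left = -1;

    if (i < 0 || i >= NSLOTS)
        return -1;
    pthread_mutex_lock(&slots_lock);
    if (slots[i]) {
        left = --slots[i]->ref_cnt;
        if (left == 0) {
            free(slots[i]);
            slots[i] = NULL;           /* no stale pointer left in the table */
        }
    }
    pthread_mutex_unlock(&slots_lock);
    return left;
}
```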