[openib-general] Re: [PATCH] cm refcount race fix

[Michael S. Tsirkin]

Quoting r. Roland Dreier <rdreier at cisco.com>:
> Subject: Re: [PATCH] cm refcount race fix
> 
>     Michael> cm_deref_id does nothing outside the lock.
> 
> But you could still have:
> 
> /* Make sure cm_deref_id is not in progress */
> spin_lock_irq(&cm_id_priv->lock);
> spin_unlock_irq(&cm_id_priv->lock);
> 
> 				spin_lock_irqsave(&cm_id_priv->lock, flags);
> 				if (atomic_dec_and_test(&cm_id_priv->refcount))
> 
> wait_event(cm_id_priv->wait, !atomic_read(&cm_id_priv->refcount));
> 
> while ((work = cm_dequeue_work(cm_id_priv)) != NULL)
> 	cm_free_work(work);
> kfree(cm_id_priv->compare_data);
> 
> 			 		wake_up(&cm_id_priv->wait);
> 				spin_unlock_irqrestore(&cm_id_priv->lock, flags);

Now I am confused.  That's not what my patch does.
http://openib.org/pipermail/openib-general/2006-May/021040.html

I do lock/unlock *after* refcount is 0: after wait_event.
Please tell me what I am missing.



-- 
MST