[ofa-general] Re: [PATCH] cma: fix access to freed memory
Roland Dreier
rdreier at cisco.com
Mon Aug 3 13:31:37 PDT 2009
> rdma_join_multicast() allocates struct cma_multicast and then proceeds to join
> to a multicast address. However, the join operation completes in another
> context and the allocated struct could be released if the user destroys either
> the rdma_id object or decides to leave the multicast group while the join is in
> progress. This patch uses reference counting to avoid such a situation. It
> also protects removal from id_priv->mc_list in cma_leave_mc_groups().
Is this all in response to problems seen in practice, or just from
reading over the code?
> + atomic_t refcount;
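Review bot: the `refcount` field added on this line has no comment saying who holds a reference. Going by the patch description, that is at least the id_priv->mc_list entry and the join that completes in another context. A short comment on the field naming the holders, and the point where the final put frees the struct, would make the lifetime checkable.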
I think this would be clearer if you used struct kref here.
> @@ -822,13 +829,17 @@ static void cma_leave_mc_groups(struct rdma_id_private *id_priv)
> {
> struct cma_multicast *mc;
>
> + spin_lock_irq(&id_priv->lock);
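Review bot: the `spin_lock_irq(&id_priv->lock)` added at the top of cma_leave_mc_groups() has no matching unlock in the quoted lines, and the description only says it "protects removal from id_priv->mc_list" without naming the concurrent path. Name that path in the changelog, and make sure the lock is released before any call in the loop body that can sleep, since spin_lock_irq() runs with interrupts disabled.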
I didn't follow how this change is connected to the reference counting.
What is this synchronizing against? Is it an independent change of the
reference counting?
- R.
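The lifetime rule the quoted patch description relies on, as a sequential userspace model: this is an added example, not code from the patch or from cma.c. `struct mc_rec`, `mc_alloc`, `mc_get`, `mc_put` and `mc_leave` are hypothetical names, and C11 atomics stand in for the kernel's atomic_t or struct kref.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>
/* Hypothetical stand-in for struct cma_multicast (constructed model). */
struct mc_rec {
    atomic_int refcount;  /* holders: list entry + in-flight join */
    bool on_list;         /* still linked on the owner's list */
    int *freed;           /* test hook: counts releases */
};

static struct mc_rec *mc_alloc(int *freed)
{
    struct mc_rec *mc = calloc(1, sizeof(*mc));
    if (mc) {
        atomic_init(&mc->refcount, 1);  /* reference owned by the list */
        mc->on_list = true;
        mc->freed = freed;
    }
    return mc;
}

static void mc_get(struct mc_rec *mc) { atomic_fetch_add(&mc->refcount, 1); }
/* Drop one reference; returns true if this call freed the record. */
static bool mc_put(struct mc_rec *mc)
{
    if (atomic_fetch_sub(&mc->refcount, 1) != 1)
        return false;
    ++*mc->freed;
    free(mc);
    return true;
}

/* Leave path: unlink, then drop only the list's reference. */
static bool mc_leave(struct mc_rec *mc) { mc->on_list = false; return mc_put(mc); }

/* Leave runs while the join is in flight; completion arrives afterwards. */
int leave_before_completion(void)
{
    int freed = 0;
    struct mc_rec *mc = mc_alloc(&freed);
    if (!mc) return -1;
    mc_get(mc);                    /* join issued: handler holds a reference */
    bool early = mc_leave(mc);     /* must not free: join still in flight */
    bool linked = mc->on_list;     /* handler's read; valid thanks to mc_get */
    bool last = mc_put(mc);        /* handler done: last reference, frees */
    return (!early && !linked && last && freed == 1) ? 0 : 1;
}

int main(void) { return leave_before_completion(); }
```

Without the `mc_get()` taken when the join is issued, `mc_leave()` would free the record and the handler's read of `mc->on_list` would touch freed memory.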