[ofa-general] Re: [PATCH] cma: fix access to freed memory

Eli Cohen eli at dev.mellanox.co.il
Mon Aug 3 20:32:21 PDT 2009


On Mon, Aug 03, 2009 at 01:31:37PM -0700, Roland Dreier wrote:
> 
> Is this all in response to problems seen in practice, or just from
> reading over the code?

I did not see a problem in practice with the current code, but playing
around with rdma_join_multicast(), adding another case to the switch
statement, revealed this problem, which I think also exists in the
current code.

> 
>  > +	atomic_t		refcount;
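
Review bot: the new refcount member is added with no comment saying which paths take a reference, which drop one, and where the final put frees the structure. A short comment on the field stating that lifetime rule would let the get/put pairing be checked against the "access to freed memory" this patch is meant to fix.
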
> 
> I think this would be clearer if you used struct kref here.
> 
Certainly. I will post another patch.


>  > @@ -822,13 +829,17 @@ static void cma_leave_mc_groups(struct rdma_id_private *id_priv)
>  >  {
>  >  	struct cma_multicast *mc;
>  >  
>  > +	spin_lock_irq(&id_priv->lock);
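
Review bot: the spin_lock_irq(&id_priv->lock) added at the top of cma_leave_mc_groups() is not explained by a comment or by the changelog, so it is unclear which concurrent user of the list it serialises against. Since it is taken with interrupts disabled, nothing called before the matching unlock may sleep; please confirm that for the rest of the function, and consider splitting the locking into its own patch with its own rationale so the refcount fix can be reviewed separately.
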
> 
> I didn't follow how this change is connected to the reference counting.
> What is this synchronizing against?  Is it an independent change of the
> reference counting?
> 

Maybe it's just a loose connection but yet, it seems to me that
operations on id_priv->mc_list should be protected. Should I send a
different patch?


