[ofa-general] Re: [PATCH] cma: fix access to freed memory
Eli Cohen
eli at dev.mellanox.co.il
Mon Aug 3 20:32:21 PDT 2009
On Mon, Aug 03, 2009 at 01:31:37PM -0700, Roland Dreier wrote:
>
> Is this all in response to problems seen in practice, or just from
> reading over the code?
I did not see a problem in practice with the current code, but playing
arround rdma_join_multicast() adding another case to the switch
statement revealed this problem which I think exists also in the
current code.
>
> > + atomic_t refcount;
>
> I think this would be clearer if you used struct kref here.
>
Certainly. I will post another patch.
> > @@ -822,13 +829,17 @@ static void cma_leave_mc_groups(struct rdma_id_private *id_priv)
> > {
> > struct cma_multicast *mc;
> >
> > + spin_lock_irq(&id_priv->lock);
>
> I didn't follow how this change is connected to the reference counting.
> What is this synchronizing against? Is it an independent change of the
> reference counting?
>
Maybe it's just a loose connection but yet, it seems to me that
operations on id_priv->mc_list should be protected. Should I send a
different patch?
More information about the general
mailing list