From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jason Gunthorpe Subject: Re: [PATCH for-next V1 2/3] IB/core: RoCE GID management separate cleanup and release Date: Tue, 4 Aug 2015 10:46:50 -0600 Message-ID: <20150804164650.GA3858@obsidianresearch.com> References: <1438607342-11964-1-git-send-email-matanb@mellanox.com> <1438607342-11964-3-git-send-email-matanb@mellanox.com> <20150804031038.GA27627@obsidianresearch.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-rdma-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Matan Barak Cc: Matan Barak , Doug Ledford , linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Somnath Kotur , Haggai Eran , Or Gerlitz List-Id: linux-rdma@vger.kernel.org On Tue, Aug 04, 2015 at 03:09:39PM +0300, Matan Barak wrote: > Correct, I'll change this comment to: > The release function is called after the device was put. > This is in order to avoid use-after-free errors if the vendor > driver's teardown code uses IB cache. .. the vendor driver uses IB cache from async contexts .. > >> + ib_cache_cleanup_one(device); > >> ib_device_unregister_sysfs(device); > > > > I didn't check closely, but I suspect the above order should be > > swapped, and the matching swap in register. sysfs can legitimately > > call into core code, but vice-versa shouldn't happen... > > > > I didn't understand this comment. The cleanup code calls del_gid > which tells the vendor to delete this GID (and dev_put the > ndevs). The kref-put (which is called when the device is > unregistered) frees the memory. If we switch the order, we would > have use-after-free scenario. I don't understand your comment either. What code path from ib_cache will go into ib_sysfs? Jason -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html