From: Yishai Hadas <yishaih-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
To: Jason Gunthorpe
<jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
Cc: Yishai Hadas <yishaih-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
raindel-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org,
jackm-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org,
haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org
Subject: Re: [PATCH for-next V8 6/6] IB/ucma: HW Device hot-removal support
Date: Wed, 19 Aug 2015 16:59:11 +0300 [thread overview]
Message-ID: <55D48BAF.3030709@dev.mellanox.co.il> (raw)
In-Reply-To: <20150818175047.GA21113-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
On 8/18/2015 8:50 PM, Jason Gunthorpe wrote:
> On Thu, Aug 13, 2015 at 06:32:07PM +0300, Yishai Hadas wrote:
>> @@ -501,10 +586,24 @@ static ssize_t ucma_destroy_id(struct ucma_file *file, const char __user *inbuf,
>> + if (!ctx->closing) {
>> + mutex_unlock(&mut);
>> + ucma_put_ctx(ctx);
>> + wait_for_completion(&ctx->comp);
>> + rdma_destroy_id(ctx->cm_id);
>
> Suggest nulling cm_id after it is destroyed in all places, this code
> is very complicated, I'd rather see a nice clean risk of
> null-pointer-deref than an undetected use-after free if it gets messed
> up.
It can be helpful for debugging but usually nulling is not done when
it's not really needed, because it is considered redundant.
Currently it's not the usage in this module and in cma.c when calling
rdma_destroy_id.
>> + list_for_each_entry(con_req_eve, &ctx->file->event_list, list) {
>> + if (con_req_eve->cm_id == cm_id &&
>> + con_req_eve->resp.event == RDMA_CM_EVENT_CONNECT_REQUEST) {
>> + list_del(&con_req_eve->list);
>
> Isn't the list_for_each_safe version needed if list_del/kfree is called
> within the body?
No need for a safe version here.
The safe version is needed only when a loop continues iterating after
list_del && kfree, which is not the case here. When the entry is found
there is a "break" in the code and the iteration is stopped. see next
few lines in the patch.
See also below same usage as part of mlx4_remove_device.
http://lxr.free-electrons.com/source/drivers/net/ethernet/mellanox/mlx4/intf.c#L70
By the way, even if the code continues iterating the list (which is not
the case here ...) the code is safe as the free is done from a task that
calls first rdma_destroy_id which internally waits on same mutex that
the loop called with as part of cma_remove_id_dev(i.e
id_priv->handler_mutex). When the loop ends and the mutex is released,
all the other tasks can continue running and free the entry. (see the
comment in rdma_destroy_id "Wait for any active callback to finish ...")
>
> The locking looks much saner now, thanks Haggaie.
Yes, thanks as well.
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-08-19 13:59 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-13 15:32 [PATCH for-next V8 0/6] HW Device hot-removal support Yishai Hadas
[not found] ` <1439479927-8751-1-git-send-email-yishaih-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-08-13 15:32 ` [PATCH for-next V8 1/6] IB/uverbs: Fix reference counting usage of event files Yishai Hadas
2015-08-13 15:32 ` [PATCH for-next V8 2/6] IB/uverbs: Fix race between ib_uverbs_open and remove_one Yishai Hadas
2015-08-13 15:32 ` [PATCH for-next V8 3/6] IB/uverbs: Explicitly pass ib_dev to uverbs commands Yishai Hadas
2015-08-13 15:32 ` [PATCH for-next V8 4/6] IB/uverbs: Enable device removal when there are active user space applications Yishai Hadas
2015-08-13 15:32 ` [PATCH for-next V8 5/6] IB/mlx4_ib: Disassociate support Yishai Hadas
2015-08-13 15:32 ` [PATCH for-next V8 6/6] IB/ucma: HW Device hot-removal support Yishai Hadas
[not found] ` <1439479927-8751-7-git-send-email-yishaih-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-08-18 17:50 ` Jason Gunthorpe
[not found] ` <20150818175047.GA21113-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-08-19 13:59 ` Yishai Hadas [this message]
[not found] ` <55D48BAF.3030709-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2015-08-19 19:47 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55D48BAF.3030709@dev.mellanox.co.il \
--to=yishaih-ldsdmyg8hgv8yrgs2mwiifqbs+8scbdb@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=jackm-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=raindel-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=yishaih-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox