On Fri, Nov 18, 2022 at 08:44:11PM +0000, Ismail, Mustafa wrote:
> > > 432 register_pid_response_exit:
> > > 433     nlmsg_request->request_done = 1;
> > > 434     /* always for found nlmsg_request */
> > > 435     kref_put(&nlmsg_request->kref, iwpm_free_nlmsg_request);
> > >
> > > The iwpm_free_nlmsg_request() function will free "nlmsg_request"...
> > > It's not clear what the "/* always for found nlmsg_request */" comment
> > > means. Maybe it means that the refcount won't drop to zero so the
> > > free function won't be called?
> >
> > I think so. The nlmsg_request reference counter is elevated when it is found
> > in iwpm_find_nlmsg_request(). So I assume that it will be at least
> > 2 before the call to kref_put(). Most likely, nlmsg_request->sem prevents
> > parallel threads from decreasing that reference counter.
> >
>
> I agree with Leon. The ref count should be 2 here.
> However, I don't see why the kref_put() can't be moved after the up(&nlmsg_request->sem) to get rid of the warning.
>

Let's not expend too much time trying to silence this warning. One way to
silence the warning would be to do:

    kref_put(&nlmsg_request->kref, NULL);

I'm conflicted about this approach, but no good can come from calling
iwpm_free_nlmsg_request() on this path.

A better way to silence the warning would be to do:

diff --git a/drivers/infiniband/core/iwpm_util.c b/drivers/infiniband/core/iwpm_util.c index 358a2db38d23..4f819e6c1b09 100644 --- a/drivers/infiniband/core/iwpm_util.c +++ b/drivers/infiniband/core/iwpm_util.c @@ -357,7 +357,7 @@ struct iwpm_nlmsg_request *iwpm_find_nlmsg_request(__u32 echo_seq) inprocess_list) { if (nlmsg_request->nlmsg_seq == echo_seq) { found_request = nlmsg_request; - kref_get(&nlmsg_request->kref); + kref_get(&found_request->kref); break; } }

But the best way would be to make Smatch parse iwpm_find_nlmsg_request()
correctly as-is.

regards,
dan carpenter
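
Review bot: The replaced kref_get() line in iwpm_find_nlmsg_request() takes the reference on the same object as before, because "found_request = nlmsg_request;" sits on the context line directly above it, so nothing changes at runtime and the edit exists only for the static checker. A one-line comment above the call, or a changelog sentence saying the reference is taken through the returned pointer on purpose, would keep a later cleanup from switching it back to nlmsg_request. The hunk also leaves the kref_put() at register_pid_response_exit as it was, so the release callback questioned earlier in the thread is still passed on that path.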