On Tue, Aug 04, 2015 at 03:09:39PM +0300, Matan Barak wrote:

> Correct, I'll change this comment to:
> The release function is called after the device was put.
> This is in order to avoid use-after-free errors if the vendor
> driver's teardown code uses IB cache.

.. the vendor driver uses IB cache from async contexts ..

> >> + ib_cache_cleanup_one(device);
> >> ib_device_unregister_sysfs(device);
> >
> > I didn't check closely, but I suspect the above order should be
> > swapped, and the matching swap in register. sysfs can legitimately
> > call into core code, but vice-versa shouldn't happen...
> >
>
> I didn't understand this comment. The cleanup code calls del_gid
> which tells the vendor to delete this GID (and dev_put the
> ndevs). The kref-put (which is called when the device is
> unregistered) frees the memory. If we switch the order, we would
> have a use-after-free scenario.

I don't understand your comment either. What code path from ib_cache
will go into ib_sysfs?

Jason
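
Review bot: the quoted hunk places ib_cache_cleanup_one(device) ahead of ib_device_unregister_sysfs(device) with no comment at the call site explaining the ordering, and the exchange above shows the ordering is not obvious to either reviewer. Because the sysfs entries are still registered at the point the cache is cleaned up, it is worth confirming that no sysfs handler can reach cache state that has already been torn down. If the order is kept, add a short comment next to the new call naming the object whose lifetime it protects, and check that the registration path sets things up in the reverse order.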