On Tue, Jan 05, 2021 at 01:13:27PM +0200, Leon Romanovsky wrote:
> From: Jason Gunthorpe <jgg@xxxxxxxxxx>
>
> The destruction flow is very complicated here because the cm_id can be
> destroyed from the event handler at any time if the device is
> hot-removed. This leaves behind a partial ctx with no cm_id in the xarray.
>
> Make everything consistent in this flow in all places:
>
>  - Return the xarray back to XA_ZERO_ENTRY before beginning any
>    destruction. The thread that reaches this first is responsible to
>    kfree, everyone else does nothing.
>
>  - Test the xarray during the special hot-removal case to block the
>    queue_work, this has much simpler locking and doesn't require a
>    'destroying'
>
>  - Fix the ref initialization so that it is only positive if cm_id !=
>    NULL, then rely on that to guide the destruction process in all cases.
>
> Now the new ucma_destroy_private_ctx() can be called in all places that
> want to free the ctx, including all the error unwinds, and none of the
> details are missed.
>
> Fixes: a1d33b70dbbc ("RDMA/ucma: Rework how new connections are passed through event delivery")
> Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx>
> ---
>  drivers/infiniband/core/ucma.c | 135 ++++++++++++++++++---------------
>  1 file changed, 72 insertions(+), 63 deletions(-)

Applied to for-rc, thanks

Jason
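
A userspace model of the claim-before-destroy rule the quoted commit message describes, added here as an illustration and not taken from the patch or from drivers/infiniband/core/ucma.c. C11 atomics stand in for the xarray, and `SLOT_RESERVED`, `ctx_publish`, `removal_may_queue` and `ctx_destroy` are hypothetical names.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdlib.h>

/* Models XA_ZERO_ENTRY: the id stays reserved but no ctx is reachable. */
#define SLOT_RESERVED ((uintptr_t)1)
#define NSLOTS 4

struct ctx { int id; void *cm_id; };      /* hypothetical, not the kernel struct */

static _Atomic uintptr_t slot[NSLOTS];    /* stands in for the id -> ctx table */
static int frees;                         /* how many times free() really ran */

/* Allocate a ctx and make it visible under its id; returns its handle or 0. */
static uintptr_t ctx_publish(int id)
{
    struct ctx *c = calloc(1, sizeof(*c));
    if (!c)
        return 0;
    c->id = id;
    atomic_store(&slot[id], (uintptr_t)c);
    return (uintptr_t)c;
}

/* Hot-removal path: only queue close work while the ctx is still published. */
static int removal_may_queue(int id, uintptr_t handle)
{
    return atomic_load(&slot[id]) == handle;
}

/* Swap ctx -> reserved first; only the caller whose swap succeeds frees.
 * Losers return 0 without touching the memory, so there is no double free. */
static int ctx_destroy(int id, uintptr_t handle)
{
    uintptr_t expected = handle;
    if (!atomic_compare_exchange_strong(&slot[id], &expected, SLOT_RESERVED))
        return 0;
    free((void *)handle);
    frees++;
    return 1;
}

int main(void)
{
    uintptr_t h = ctx_publish(2);         /* constructed sample id */
    int first = ctx_destroy(2, h);        /* claims the slot and frees */
    int queued = removal_may_queue(2, h); /* removal now sees no ctx */
    int second = ctx_destroy(2, h);       /* e.g. an error unwind arriving late */
    return (first == 1 && !queued && second == 0 && frees == 1) ? 0 : 1;
}
```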