Re: [PATCH rdma-next v1] RDMA/ucma: Fix use-after-free bug in ucma_create_uevent

On Thu, Feb 04, 2021 at 06:08:20PM +0200, Leon Romanovsky wrote:
> On Wed, Feb 03, 2021 at 04:01:16PM -0400, Jason Gunthorpe wrote:
> > On Mon, Jan 25, 2021 at 02:15:56PM +0200, Leon Romanovsky wrote:
> > > diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
> > > index e17ba841e204..7ce4d9dea826 100644
> > > +++ b/drivers/infiniband/core/cma.c
> > > @@ -352,7 +352,13 @@ struct ib_device *cma_get_ib_dev(struct cma_device *cma_dev)
> > >
> > >  struct cma_multicast {
> > >  	struct rdma_id_private *id_priv;
> > > -	struct ib_sa_multicast *sa_mc;
> > > +	union {
> > > +		struct ib_sa_multicast *sa_mc;
> > > +		struct {
> > > +			struct work_struct work;
> > > +			struct rdma_cm_event event;
> > > +		} iboe_join;
> > > +	};
> > >  	struct list_head	list;
> > >  	void			*context;
> > >  	struct sockaddr_storage	addr;
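Review bot: the union makes `sa_mc` and `iboe_join` share storage, but nothing in the struct records which member is live; add a comment on the union stating that `sa_mc` is valid only for IB SA joins and `iboe_join` only for IBoE/RoCE joins. Since `iboe_join.work` and `iboe_join.event` are embedded in the multicast itself, any code that touches `iboe_join` for an SA-joined `mc` would interpret the `sa_mc` pointer bytes as a `work_struct`, so the discriminating condition deserves to be spelled out next to the union.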
> > > @@ -1839,6 +1845,12 @@ static void destroy_mc(struct rdma_id_private *id_priv,
> > >  			cma_igmp_send(ndev, &mgid, false);
> > >  			dev_put(ndev);
> > >  		}
> > > +
> > > +		if (cancel_work_sync(&mc->iboe_join.work))
> > > +			/* Compensate for cma_iboe_join_work_handler that
> > > +			 * didn't run.
> > > +			 */
> > > +			cma_id_put(mc->id_priv);
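Review bot: because `work` shares storage with `sa_mc` in the union added above, this `cancel_work_sync(&mc->iboe_join.work)` is only valid when `mc` was joined on the IBoE path, and the hunk context does not show the enclosing condition; a comment that this block is the RoCE branch (or an explicit guard) would make that invariant visible. The conditional `cma_id_put()` also relies on a matching `cma_id_get()` taken when the work was queued in `cma_iboe_join_multicast()`, which is outside this hunk; if that reference is kept, the comment should name where it is taken, and if it is dropped as the reply below suggests, the `if` collapses to a bare `cancel_work_sync()` call.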
> >
> > Just get rid of the cma_id_get in cma_iboe_join_multicast() and don't
> > have this if
> 
> Why do you think that it is safe to queue work without refcount?

Because we cancel the work before we destroy the memory - the work
serves as the refcount now

Jason