[ewg] [PATCH OFED-1.4.2] RDMA/nes: fix qp refcount during disconnect

Faisal Latif faisal.latif at intel.com
Tue Jul 14 13:36:41 PDT 2009


qp was accessed after it got freed from disconnect task handling, causing a system crash.  Now we increment qp's refcount before queue_work() and decrement it after it is complete.

 Signed-off-by: Faisal Latif <faisal.latif at intel.com>

---
 kernel_patches/fixes/nes_0350_qp_refcount.patch |   23 +++++++++++++++++++++++
 1 files changed, 23 insertions(+), 0 deletions(-)
 create mode 100644 kernel_patches/fixes/nes_0350_qp_refcount.patch

diff --git a/kernel_patches/fixes/nes_0350_qp_refcount.patch b/kernel_patches/fixes/nes_0350_qp_refcount.patch
new file mode 100644
index 0000000..76e7bb0
--- /dev/null
+++ b/kernel_patches/fixes/nes_0350_qp_refcount.patch
@@ -0,0 +1,23 @@
+diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c
+index 1856a21..96152b5 100644
+--- a/drivers/infiniband/hw/nes/nes_cm.c
++++ b/drivers/infiniband/hw/nes/nes_cm.c
+@@ -2461,6 +2461,7 @@ int nes_cm_disconn(struct nes_qp *nesqp)
+ 	if (nesqp->disconn_pending == 0) {
+ 		nesqp->disconn_pending++;
+ 		spin_unlock_irqrestore(&nesqp->lock, flags);
++		nes_add_ref(&nesqp->ibqp);
+ 		/* init our disconnect work element, to */
+ 		INIT_WORK(&nesqp->disconn_work, nes_disconnect_worker);
+ 
+@@ -2482,6 +2483,7 @@ static void nes_disconnect_worker(struct work_struct *work)
+ 	nes_debug(NES_DBG_CM, "processing AEQE id 0x%04X for QP%u.\n",
+ 			nesqp->last_aeq, nesqp->hwqp.qp_id);
+ 	nes_cm_disconn_true(nesqp);
++	nes_rem_ref(&nesqp->ibqp);
+ }
+ 
+ 
+-- 
+1.6.0
+
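Review bot: In the nes_cm_disconn hunk, nes_add_ref(&nesqp->ibqp) is called only after spin_unlock_irqrestore(&nesqp->lock, flags), so between dropping the lock and taking the reference nothing in these lines holds the QP alive. If nes_add_ref() is safe to call under nesqp->lock, consider moving it up next to nesqp->disconn_pending++ so the reference is taken before the lock is released. In nes_disconnect_worker, nes_rem_ref(&nesqp->ibqp) is rightly the last statement; a one-line comment there saying it pairs with the nes_add_ref() in nes_cm_disconn, and that nesqp must not be dereferenced after it, would keep later edits from reintroducing the use after free.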
-- 
1.6.0



