[openib-general] RFC: potential race in ipoib

Michael S. Tsirkin mst at mellanox.co.il
Wed Oct 4 05:59:10 PDT 2006


Not related to the recently discussed oops, but I think I see an
oopsable race in path_rec_completion:

we do:
                if (dev_queue_xmit(skb))
                        ipoib_warn(priv, "dev_queue_xmit failed "
                                   "to requeue packet\n");

if the device is going away (e.g. hotplug remove)
and the skb is the last one, priv pointer might not exist
anymore after dev_queue_xmit - the attempt to read the name
in ipoib_warn will then lead to a crash.

Do we even need the ipoib_warn? It's not too hard to trigger it
by downing the device while a path record query is in progress.
Maybe just remove the message?

-- 
MST
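
The lifetime problem described in the message above, as an added userspace illustration that is not part of the original post and is not IPoIB code: the needed field is copied before the hand-off, so nothing reads priv once it may have been freed. The names model_priv, model_priv_new, model_queue_xmit and requeue_safe are hypothetical, and freeing priv inside the hand-off is a simplifying assumption standing in for the device removal.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct model_priv {  /* hypothetical userspace stand-in, not the IPoIB struct */
    char name[16];
    int refs;        /* references held by in-flight packets */
    int going_away;  /* set once removal of the device has started */
};

struct model_priv *model_priv_new(const char *name, int refs, int going_away)
{
    struct model_priv *priv = calloc(1, sizeof(*priv));
    if (!priv) return NULL;
    strncpy(priv->name, name, sizeof(priv->name) - 1);
    priv->refs = refs;
    priv->going_away = going_away;
    return priv;
}

/* Models the hand-off: fails when the device is going away and frees priv
 * if this packet held the last reference. Returns nonzero on failure. */
int model_queue_xmit(struct model_priv *priv)
{
    int failed = priv->going_away;
    if (--priv->refs == 0 && failed)
        free(priv);
    return failed;
}

/* Copies the name before the hand-off and never reads priv afterwards. */
int requeue_safe(struct model_priv *priv, char *msg, size_t len)
{
    char name[sizeof(priv->name)];
    memcpy(name, priv->name, sizeof(name));
    if (model_queue_xmit(priv)) {
        snprintf(msg, len, "%s: dev_queue_xmit failed to requeue packet", name);
        return -1;
    }
    msg[0] = '\0';
    return 0;
}

int main(void)
{
    char msg[80];
    struct model_priv *priv = model_priv_new("ib0", 1, 1); /* constructed case */
    if (priv && requeue_safe(priv, msg, sizeof(msg))) puts(msg);
    return 0;
}
```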



