[openib-general] [PATCH] fix cma_leave_mc_groups

[Krishna Kumar]

- mthca_multicast_detach - as an example, frees up a bit
  for re-use later so if it is not called during destroy_id,
  it *appears* that those bits (index) are leaked.

- cma_leave_mc_groups can race with other routines updating
  or reading the mclist, so use lock. Eg while doing a
  rdma_destroy_id(), other processes could be looking at
  this id and de-referencing mclist.

Signed-off-by: Krishna Kumar <krkumar2 at in.ibm.com>
--------

diff -ruNp org/core/cma.c new/core/cma.c
--- org/core/cma.c	2006-09-18 16:00:41.000000000 +0530
+++ new/core/cma.c	2006-09-18 16:12:58.000000000 +0530
@@ -761,14 +761,24 @@ static void cma_release_port(struct rdma
 static void cma_leave_mc_groups(struct rdma_id_private *id_priv)
 {
 	struct cma_multicast *mc;
+	unsigned long flags;
 
+	spin_lock_irqsave(&id_priv->lock, flags);
 	while (!list_empty(&id_priv->mc_list)) {
 		mc = container_of(id_priv->mc_list.next,
 				  struct cma_multicast, list);
 		list_del(&mc->list);
+		spin_unlock_irqrestore(&id_priv->lock, flags);
+		if (id_priv->id.qp) {
+			ib_detach_mcast(id_priv->id.qp,
+					&mc->multicast.ib->rec.mgid,
+					mc->multicast.ib->rec.mlid);
+		}
 		ib_free_multicast(mc->multicast.ib);
 		kfree(mc);
+		spin_lock_irqsave(&id_priv->lock, flags);
 	}
+	spin_unlock_irqrestore(&id_priv->lock, flags);
 }
 
 void rdma_destroy_id(struct rdma_cm_id *id)