[ofa-general] [PATCH] IB/core free umem when mm is destroyed

Eli Cohen eli at mellanox.co.il
Mon May 14 01:35:43 PDT 2007


Free umem when the task's mm is already destroyed by the time ib_umem_release
gets called.

Found by Dotan Barak at Mellanox
Signed-off-by: Eli Cohen <eli at mellanox.co.il>

---

Index: connectx_kernel/drivers/infiniband/core/umem.c
===================================================================
--- connectx_kernel.orig/drivers/infiniband/core/umem.c	2007-05-14 09:43:02.000000000 +0300
+++ connectx_kernel/drivers/infiniband/core/umem.c	2007-05-14 10:26:26.000000000 +0300
@@ -261,8 +261,10 @@ void ib_umem_release(struct ib_umem *ume
 	__ib_umem_release(umem->context->device, umem, 1);
 
 	mm = get_task_mm(current);
-	if (!mm)
+	if (!mm) {
+		kfree(umem);
 		return;
+	}
 
 	diff = PAGE_ALIGN(umem->length + umem->offset) >> PAGE_SHIFT;
 
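Review bot: The new `if (!mm)` branch has no comment saying when get_task_mm(current) can return NULL here or why freeing umem is the only cleanup left on that path, so a one-line comment above `kfree(umem);` would make the intent clear. The changelog should also say outright that the old early return leaked the struct ib_umem. If the rest of the function, which is not visible in this hunk, ends with its own kfree(umem), consider a shared exit label so the two paths cannot drift apart. The free itself looks safe in the lines shown: umem is last used in __ib_umem_release() before the check, and the branch returns immediately after the kfree, so the `umem->length` read below is never reached on that path.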



