[ofa-general] [PATCH] ipoib: Bug fix IPOIB CM dereferencing invalid pointer

Wed Nov 28 07:44:52 PST 2007

Bug fix IPOIB CM dereferencing invalid pointer

When ipoib_neigh_free gets called it needs to set to NULL
its ->cm member so that a completion with error reaching
ipoib_cm_handle_tx_wc will not access an invalid pointer.

Signed-off-by: Eli Cohen <eli at mellanox.co.il>
---
 drivers/infiniband/ulp/ipoib/ipoib_main.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c
index a03a65e..95c7714 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
@@ -869,6 +869,8 @@ void ipoib_neigh_free(struct net_device *dev, struct ipoib_neigh *neigh)
 	}
 	if (ipoib_cm_get(neigh))
 		ipoib_cm_destroy_tx(ipoib_cm_get(neigh));
+
+	neigh->cm = NULL;
 	kfree(neigh);
 }
 
-- 
1.5.3.6




