[ofa-general] [PATCH] RDMA/nes: Fix slab corruption

[Chien Tung]

From: Chien Tung <ctung at neteffect.com>

RDMA/nes: Fix slab corruption

Referencing cm_node after it is freed via rem_ref_cm_node() caused a slab
corruption.  There is no need to set cm_node->cm_id to NULL in 
mini_cm_close().

Signed-off-by: Chien Tung <ctung at neteffect.com>
--
Roland,

Please discard "[PATCH 4/4] RDMA/nes: Clear cm_id only when done with cm_node"
and use this patch instead.  The intent of the original patch was to patch a
slab corruption caused by referencing cm_node->cm_id after cm_node is freed.
Adding cm_node->cm_id = NULL; to cases that are not freeing cm_node doesn't
make any sense either as cm_id is needed to free cm_node.

Needless to say, we are working on more fix/cleanup patches for nes_cm.c

 drivers/infiniband/hw/nes/nes_cm.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c
index d69226d..2caf9da 100644
--- a/drivers/infiniband/hw/nes/nes_cm.c
+++ b/drivers/infiniband/hw/nes/nes_cm.c
@@ -2029,7 +2029,6 @@ static int mini_cm_close(struct nes_cm_core *cm_core, struct nes_cm_node *cm_nod
 		ret = rem_ref_cm_node(cm_core, cm_node);
 		break;
 	}
-	cm_node->cm_id = NULL;
 	return ret;
 }