[ofa-general] [PATCH] ipoib: racing uses of ipoib_neigh in IPoIB-CM
Yossi Etigin
yosefe at voltaire.com
Thu Jun 11 10:11:10 PDT 2009
akepner at sgi.com wrote:
> Yeah, looks like there's a hole there. By changing the test from:
>
> if (neigh) {
> neigh->cm = NULL;
>
> to:
>
> if (neigh && neigh->cm) {
> neigh->cm = NULL;
>
> it can be closed.
It does not close it completely. What if ipoib_neigh_cleanup() is called after
you do ipoib_put_ah(neigh->ah) in the CM code?
>
> Generally the fact that we hold a reference should prevent
> ipoib_neigh_cleanup() from being invoked.
>
> But, alas, there are a couple of cases where the neighbour can
> have the neigh_cleanup() method invoked even when there are
> references held (e.g., when the interface goes down).
>
> So, yeah, there seems to be a hole there. A smaller hole, but
> still....
>
How about checking the refcnt in the neigh_cleanup function, and if it's
not 1 give up the ipoib cleanup?
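The interleaving under discussion, as an added toy model that is not part of this thread and not IPoIB code: a neighbour with its own address handle, a CM user that drops the ah and only afterwards forgets the pointer, and a cleanup that fires in between (the "interface goes down" case). One cleanup variant only tests the cm pointer; the other gives up when the neighbour's refcnt is not 1, as proposed above. The struct layout, the names (ah_put, cm_detach_part1/2, run_race) and the sequential ordering are assumptions of the model; in the kernel the two sides run concurrently, and a bare refcnt read followed by the cleanup is itself a check-then-act sequence that needs the neighbour's lock or an atomic dec-and-test to be sound.

```c
/*
 * Toy single-threaded model of the cleanup race; added example, not
 * IPoIB kernel code. Names and the refcount layout are assumptions.
 */
#include <stdio.h>
#include <stdlib.h>

struct ah {
    int refcnt;
    int freed;      /* set once the last reference is dropped */
};

struct neigh {
    int refcnt;     /* references to the neighbour itself */
    struct ah *ah;  /* address handle; NULL after being dropped */
    int cm_active;  /* stands in for neigh->cm != NULL */
    int bad_puts;   /* puts on an already freed ah: the bug we look for */
};

static struct ah *ah_get(struct ah *ah) { ah->refcnt++; return ah; }

/* Drop one reference; a put on a freed handle is counted, not crashed on. */
static void ah_put(struct neigh *n, struct ah *ah)
{
    if (ah->freed) { n->bad_puts++; return; }
    if (--ah->refcnt == 0) ah->freed = 1;
}

static struct neigh *neigh_create(void)
{
    struct neigh *n = calloc(1, sizeof(*n));
    struct ah *ah = calloc(1, sizeof(*ah));
    n->ah = ah_get(ah);     /* the neighbour's own reference to the ah */
    n->refcnt = 1;          /* the core's reference to the neighbour */
    return n;
}

/* The CM path holds its own reference to the neighbour while it uses it. */
static void cm_attach(struct neigh *n) { n->refcnt++; n->cm_active = 1; }

/* CM teardown split into the two halves the race sits between. */
static void cm_detach_part1(struct neigh *n) { ah_put(n, n->ah); }
static void cm_detach_part2(struct neigh *n)
{
    n->ah = NULL;           /* only now is the stale pointer forgotten */
    n->cm_active = 0;
    n->refcnt--;
}

/* Cleanup that only tests the cm pointer: no refcount check. */
static void neigh_cleanup_unguarded(struct neigh *n)
{
    if (n->cm_active) n->cm_active = 0;
    if (n->ah) { ah_put(n, n->ah); n->ah = NULL; }
}

/* Cleanup that gives up when another holder still has a reference. */
static void neigh_cleanup_guarded(struct neigh *n)
{
    if (n->refcnt != 1) return;   /* the other holder will clean up */
    neigh_cleanup_unguarded(n);
}

/* Cleanup fires between the two CM halves. Returns the number of puts
 * on an already freed ah; 0 means the ordering was survived. */
static int run_race(void (*cleanup)(struct neigh *))
{
    struct neigh *n = neigh_create();
    struct ah *ah = n->ah;
    int bad;
    cm_attach(n);
    cm_detach_part1(n);
    cleanup(n);
    cm_detach_part2(n);
    bad = n->bad_puts;
    free(ah); free(n);
    return bad;
}

/* No CM user at all: refcnt is 1, so the guarded cleanup must still
 * release the ah. Returns 1 if the ah was freed. */
static int run_plain(void (*cleanup)(struct neigh *))
{
    struct neigh *n = neigh_create();
    struct ah *ah = n->ah;
    int freed;
    cleanup(n);
    freed = ah->freed;
    free(ah); free(n);
    return freed;
}

int main(void)
{
    printf("unguarded, racing: %d bad put(s)\n", run_race(neigh_cleanup_unguarded));
    printf("guarded,   racing: %d bad put(s)\n", run_race(neigh_cleanup_guarded));
    printf("guarded,   plain : ah freed = %d\n", run_plain(neigh_cleanup_guarded));
    return 0;
}
```

The unguarded variant puts the ah a second time in the racing order, while the guarded one skips the cleanup because the CM side still holds a reference and finishes the teardown itself; in the plain order, with refcnt at 1, the guarded cleanup still releases the ah.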