[openib-general] [PATCH] [CM] fix race accessing CM msg during destruction

Sean Hefty mshefty at ichips.intel.com
Wed Feb 16 16:03:34 PST 2005


This patch fixes a race accessing a CM message when destroying a cm_id.

Signed-off-by: Sean Hefty <sean.hefty at intel.com>

Index: infiniband/core/cm.c
===================================================================
--- infiniband/core/cm.c	(revision 1807)
+++ infiniband/core/cm.c	(working copy)
@@ -588,6 +588,7 @@ int ib_destroy_cm_id(struct ib_cm_id *cm
 	struct cm_id_private *cm_id_priv;
 	struct cm_work *work;
 	unsigned long flags;
+	u64 wr_id;
 
 	cm_id_priv = container_of(cm_id, struct cm_id_private, id);
 retest:
@@ -602,9 +603,9 @@ retest:
 		break;
 	case IB_CM_SIDR_REQ_SENT:
 		cm_id->state = IB_CM_IDLE;
+		wr_id = (unsigned long) cm_id_priv->msg;
 		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
-		ib_cancel_mad(cm_id_priv->av.port->mad_agent,
-			      (unsigned long) cm_id_priv->msg);
+		ib_cancel_mad(cm_id_priv->av.port->mad_agent, wr_id);
 		break;
 	case IB_CM_SIDR_REQ_RCVD:
 		spin_unlock_irqrestore(&cm_id_priv->lock, flags);



More information about the general mailing list