[openib-general] [PATCH] [CM] fix race accessing CM msg during destruction
Sean Hefty
mshefty at ichips.intel.com
Wed Feb 16 16:03:34 PST 2005
This patch fixes a race accessing a CM message when destroying a cm_id.
Signed-off-by: Sean Hefty <sean.hefty at intel.com>
Index: infiniband/core/cm.c
===================================================================
--- infiniband/core/cm.c (revision 1807)
+++ infiniband/core/cm.c (working copy)
@@ -588,6 +588,7 @@ int ib_destroy_cm_id(struct ib_cm_id *cm
struct cm_id_private *cm_id_priv;
struct cm_work *work;
unsigned long flags;
+ u64 wr_id;
cm_id_priv = container_of(cm_id, struct cm_id_private, id);
retest:
@@ -602,9 +603,9 @@ retest:
break;
case IB_CM_SIDR_REQ_SENT:
cm_id->state = IB_CM_IDLE;
+ wr_id = (unsigned long) cm_id_priv->msg;
spin_unlock_irqrestore(&cm_id_priv->lock, flags);
- ib_cancel_mad(cm_id_priv->av.port->mad_agent,
- (unsigned long) cm_id_priv->msg);
+ ib_cancel_mad(cm_id_priv->av.port->mad_agent, wr_id);
break;
case IB_CM_SIDR_REQ_RCVD:
spin_unlock_irqrestore(&cm_id_priv->lock, flags);
More information about the general
mailing list