[openib-general] Re: minor issue in SA query code
Roland Dreier
roland at topspin.com
Wed Jun 1 15:58:47 PDT 2005
Sean> It looks like there might be minor race issue in the SA
Sean> query code. ib_sa_path_rec_get() and
Sean> ib_sa_mcmember_rec_query() both return
Sean> query->sa_query.id. However, if a send completes
Sean> quickly, I think that it's possible that query could have
Sean> been freed.
I think this patch should fix it -- does this seem right to you?
- R.
--- sa_query.c (revision 2518)
+++ sa_query.c (working copy)
@@ -551,6 +551,7 @@ int ib_sa_path_rec_get(struct ib_device
struct ib_sa_device *sa_dev = ib_get_client_data(device, &sa_client);
struct ib_sa_port *port = &sa_dev->port[port_num - sa_dev->start_port];
struct ib_mad_agent *agent = port->agent;
+ int id;
int ret;
query = kmalloc(sizeof *query, gfp_mask);
@@ -578,6 +579,8 @@ int ib_sa_path_rec_get(struct ib_device
rec, query->sa_query.mad->data);
*sa_query = &query->sa_query;
+ id = query->sa_query.id;
+
ret = send_mad(&query->sa_query, timeout_ms);
if (ret) {
*sa_query = NULL;
@@ -585,7 +588,7 @@ int ib_sa_path_rec_get(struct ib_device
kfree(query);
}
- return ret ? ret : query->sa_query.id;
+ return ret ? ret : id;
}
EXPORT_SYMBOL(ib_sa_path_rec_get);
@@ -627,6 +630,7 @@ int ib_sa_mcmember_rec_query(struct ib_d
struct ib_sa_device *sa_dev = ib_get_client_data(device, &sa_client);
struct ib_sa_port *port = &sa_dev->port[port_num - sa_dev->start_port];
struct ib_mad_agent *agent = port->agent;
+ int id;
int ret;
query = kmalloc(sizeof *query, gfp_mask);
@@ -654,6 +658,8 @@ int ib_sa_mcmember_rec_query(struct ib_d
rec, query->sa_query.mad->data);
*sa_query = &query->sa_query;
+ id = query->sa_query.id;
+
ret = send_mad(&query->sa_query, timeout_ms);
if (ret) {
*sa_query = NULL;
@@ -661,7 +667,7 @@ int ib_sa_mcmember_rec_query(struct ib_d
kfree(query);
}
- return ret ? ret : query->sa_query.id;
+ return ret ? ret : id;
}
EXPORT_SYMBOL(ib_sa_mcmember_rec_query);
More information about the general
mailing list