[openib-general] Re: [PATCH] fix 2 race conditions in ib_destroy_cm_id
Michael S. Tsirkin
mst at mellanox.co.il
Sun May 7 08:57:54 PDT 2006
Quoting r. Michael S. Tsirkin <mst at mellanox.co.il>:
> Subject: [PATCH] fix 2 race conditions in ib_destroy_cm_id
>
> Fix two issues in CM.
> 1. crash if cm id is destroyed from handler because of non-0 return code,
> and at the same time from user thread by direct call to ib_destroy_cm_id.
> 2. use after free if ib_destroy_cm_id tests the refcount after cm_deref_id has
> decremented the reference count but before it has called wake_up.
>
> I'm sure the first one has caused crashes for me, and I suspect
> the second one caused a system hang.
>
> Signed-off-by: Michael S. Tsirkin <mst at mellanox.co.il>
I have sent this by mistake - the patch is still under test.
Please disregard.
Thanks,
--
MST
More information about the general
mailing list