[openib-general] [PATCH] cm refcount race fix
Sean Hefty
mshefty at ichips.intel.com
Mon May 8 12:37:23 PDT 2006
Michael S. Tsirkin wrote:
> static inline void cm_deref_id(struct cm_id_private *cm_id_priv)
> {
> + unsigned long flags;
> +
> + spin_lock_irqsave(&cm_id_priv->lock, flags);
> if (atomic_dec_and_test(&cm_id_priv->refcount))
> wake_up(&cm_id_priv->wait);
> + spin_unlock_irqrestore(&cm_id_priv->lock, flags);
> }
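Review bot: The added `spin_unlock_irqrestore(&cm_id_priv->lock, flags);` at the end of cm_deref_id() still dereferences cm_id_priv after `atomic_dec_and_test()` has dropped the reference and `wake_up()` has run, so the function touches the object when it no longer holds a reference to it. That is only safe if whoever sleeps on `cm_id_priv->wait` takes and releases `cm_id_priv->lock` before freeing the structure, and nothing in this hunk shows or documents that. Either add a comment next to the lock stating that requirement, or signal the waiter through something whose lifetime does not end when the refcount reaches zero. Separately, this helper is `static inline` and now disables interrupts on every dereference, which deserves a line in the changelog.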
I don't have a fix for this yet, but the basic problem is that the code releases
the reference on the cm_id_priv, then immediately accesses it on the next line.
Maybe there's a way to have a wait object separate from the cm_id?  The way this
is used, we almost want the wait object hidden.
- Sean