qp was accessed after it got freed from disconnect task handling, causing a system crash. Now we increment the qp's refcount before queue_work() and decrement it after the work is complete.
Signed-off-by: Faisal Latif <faisal.la...@intel.com>
---
kernel_patches/fixes/nes_0350_qp_refcount.patch | 23 +++++++++++++++++++++++
1 files changed, 23 insertions(+), 0 deletions(-)
create mode 100644 kernel_patches/fixes/nes_0350_qp_refcount.patch
diff --git a/kernel_patches/fixes/nes_0350_qp_refcount.patch b/kernel_patches/fixes/nes_0350_qp_refcount.patch
new file mode 100644
index 0000000..76e7bb0
--- /dev/null
+++ b/kernel_patches/fixes/nes_0350_qp_refcount.patch
@@ -0,0 +1,23 @@
+diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c
+index 1856a21..96152b5 100644
+--- a/drivers/infiniband/hw/nes/nes_cm.c
++++ b/drivers/infiniband/hw/nes/nes_cm.c
+@@ -2461,6 +2461,7 @@ int nes_cm_disconn(struct nes_qp *nesqp)
+ if (nesqp->disconn_pending == 0) {
+ nesqp->disconn_pending++;
+ spin_unlock_irqrestore(&nesqp->lock, flags);
++ nes_add_ref(&nesqp->ibqp);
+ /* init our disconnect work element, to */
+ INIT_WORK(&nesqp->disconn_work, nes_disconnect_worker);
+
+@@ -2482,6 +2483,7 @@ static void nes_disconnect_worker(struct work_struct *work)
+ nes_debug(NES_DBG_CM, "processing AEQE id 0x%04X for QP%u.\n",
+ nesqp->last_aeq, nesqp->hwqp.qp_id);
+ nes_cm_disconn_true(nesqp);
++ nes_rem_ref(&nesqp->ibqp);
+ }
+
+
+--
+1.6.0
+
--
1.6.0
_______________________________________________ ewg mailing list ewg@lists.openfabrics.org http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
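Review bot: In nes_cm_disconn() the added `nes_add_ref(&nesqp->ibqp);` runs after `spin_unlock_irqrestore(&nesqp->lock, flags);`, which leaves a short window where the QP is unlocked but not yet pinned for the work about to be queued. If callers are not guaranteed to hold their own reference (not visible here), taking the reference before the unlock would close that window, assuming nes_add_ref() is safe to call under the spinlock. In nes_disconnect_worker() the added `nes_rem_ref(&nesqp->ibqp);` may drop the last reference, so it has to stay the final statement that touches nesqp; a comment on each side naming its counterpart, e.g. `/* reference released in nes_disconnect_worker() */`, would keep the pairing visible to later editors. Both function bodies extend outside the hunks, so the queue_work() call and the path taken when disconn_pending is already non-zero could not be checked for a matching release.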