In the error flow, sdp_destroy_work is placed in the workqueue, and sometimes the
user application calls close(), which destructs the socket before sdp_destroy_work
is called.
Signed-off-by: Amir Vadai <[EMAIL PROTECTED]>
---
drivers/infiniband/ulp/sdp/sdp_main.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/drivers/infiniband/ulp/sdp/sdp_main.c
b/drivers/infiniband/ulp/sdp/sdp_main.c
index c3bd9f4..de14ab6 100644
--- a/drivers/infiniband/ulp/sdp/sdp_main.c
+++ b/drivers/infiniband/ulp/sdp/sdp_main.c
@@ -344,6 +344,8 @@ void sdp_reset_sk(struct sock *sk, int rc)
sk->sk_state_change(sk);
+ /* Don't destroy socket before destroy work does its job */
+ sock_hold(sk);
queue_work(sdp_workqueue, &ssk->destroy_work);
read_unlock(&device_removal_lock);
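Review bot: The return value of queue_work() is ignored right after the new sock_hold(sk), so the reference leaks whenever the work is not actually queued. queue_work() returns false when ssk->destroy_work is already pending, which happens if sdp_reset_sk() runs twice before the work executes. In that case the work runs once and does a single sock_put() against two holds. Suggest dropping the reference on that path, for example "if (!queue_work(sdp_workqueue, &ssk->destroy_work)) sock_put(sk);".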
@@ -855,6 +857,7 @@ void sdp_destroy_work(struct work_struct *work)
but if a CM connection is dropped below our legs state could
be any state */
sdp_exch_state(sk, ~0, TCP_CLOSE);
+ sock_put(sk);
}
void sdp_dreq_wait_timeout_work(struct work_struct *work)
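Review bot: The sock_put(sk) at the end of sdp_destroy_work() is unconditional, so it is only balanced if every site that queues ssk->destroy_work takes the matching sock_hold(), and this patch adds the hold only in sdp_reset_sk(). Please confirm there is no other queue site for destroy_work, since one without a hold would drop a reference it never took. Please also confirm that no return path earlier in the function skips this put. A short comment on the sock_put() naming the hold it pairs with would make the pairing easier to audit.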
--
1.5.3