> -----Original Message-----
> From: Jason Gunthorpe [mailto:jguntho...@obsidianresearch.com]
> Sent: Wednesday, October 28, 2015 12:47 PM
>
> > ret = ib_nl_send_msg(query);
> > + spin_lock_irqsave(&ib_nl_request_lock, flags);
>
> Looks like query could be kfree'd before ib_nl_send_msg returns, eg by
> send_handler?

It's possible only when the request is successfully sent and a response is received before ib_nl_send_msg returns. Therefore, we should not touch the request and query if the sending is successful. However, if the sending fails, we could remove the request from the list.

> >
> > if (ret <= 0) {
> > ret = -EIO;
> > - goto request_out;
> > + /* Remove the request */
> > + list_del(&query->list);
>
> This one is probably OK iff nl_send_msg cannot call send_handler if it returns
> error, which looks true.

Correct.

>
> > } else {
> > ret = 0;
> > + /* Start the timeout if this is the only request */
> > + if (ib_nl_request_list.next == &query->list)
>
> This one looks sketchy. Maybe move this to the first locking block? An extra
> timer on send error is not important enough to worry about..

You are correct. We should move it into the first block.

Kaike

>
> Jason
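
Review bot: In the `else` branch that follows `ib_nl_send_msg(query)`, the check `if (ib_nl_request_list.next == &query->list)` still refers to `query` on the success path, where a response may already have been handled and the query freed; taking `ib_nl_request_lock` only after the send does not close that window. Suggest moving the "only request" timeout check into the earlier locked block, before the send, so that nothing touches `query` once the send has succeeded. In the `ret <= 0` branch, `list_del(&query->list)` is safe only as long as the send handler can never run for a failed send, so the `/* Remove the request */` comment should state that assumption explicitly.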