This patch fixes a race accessing a CM message when destroying a cm_id. Signed-off-by: Sean Hefty <[EMAIL PROTECTED]>
Index: infiniband/core/cm.c =================================================================== --- infiniband/core/cm.c (revision 1807) +++ infiniband/core/cm.c (working copy) @@ -588,6 +588,7 @@ int ib_destroy_cm_id(struct ib_cm_id *cm struct cm_id_private *cm_id_priv; struct cm_work *work; unsigned long flags; + u64 wr_id; cm_id_priv = container_of(cm_id, struct cm_id_private, id); retest: @@ -602,9 +603,9 @@ retest: break; case IB_CM_SIDR_REQ_SENT: cm_id->state = IB_CM_IDLE; + wr_id = (unsigned long) cm_id_priv->msg; spin_unlock_irqrestore(&cm_id_priv->lock, flags); - ib_cancel_mad(cm_id_priv->av.port->mad_agent, - (unsigned long) cm_id_priv->msg); + ib_cancel_mad(cm_id_priv->av.port->mad_agent, wr_id); break; case IB_CM_SIDR_REQ_RCVD: spin_unlock_irqrestore(&cm_id_priv->lock, flags); _______________________________________________ openib-general mailing list openib-general@openib.org http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general