This patch fixes a race accessing a CM message when destroying a cm_id.
Signed-off-by: Sean Hefty <[EMAIL PROTECTED]>
Index: infiniband/core/cm.c
===================================================================
--- infiniband/core/cm.c (revision 1807)
+++ infiniband/core/cm.c (working copy)
@@ -588,6 +588,7 @@ int ib_destroy_cm_id(struct ib_cm_id *cm
struct cm_id_private *cm_id_priv;
struct cm_work *work;
unsigned long flags;
+ u64 wr_id;
cm_id_priv = container_of(cm_id, struct cm_id_private, id);
retest:
@@ -602,9 +603,9 @@ retest:
break;
case IB_CM_SIDR_REQ_SENT:
cm_id->state = IB_CM_IDLE;
+ wr_id = (unsigned long) cm_id_priv->msg;
spin_unlock_irqrestore(&cm_id_priv->lock, flags);
- ib_cancel_mad(cm_id_priv->av.port->mad_agent,
- (unsigned long) cm_id_priv->msg);
+ ib_cancel_mad(cm_id_priv->av.port->mad_agent, wr_id);
break;
case IB_CM_SIDR_REQ_RCVD:
spin_unlock_irqrestore(&cm_id_priv->lock, flags);
_______________________________________________
openib-general mailing list
openib-general@openib.org
http://openib.org/mailman/listinfo/openib-general
To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
