rdma_listen could be called from a context where id_priv->list is not initialized. Then at a later stage, a cma_cancel_listen does a list_del() which could oops since this element is not on any list.
Eg, in rdma_listen(), if id->device is !NULL, it calls cma_ib_listen() which doesn't add this id to any list. A cma_cancel_listen() will do a list_del.

Signed-off-by: Krishna Kumar <[EMAIL PROTECTED]>

--------
diff -ruNp org/core/cma.c new/core/cma.c --- org/core/cma.c 2006-09-14 15:31:27.000000000 +0530 +++ new/core/cma.c 2006-09-14 16:07:35.000000000 +0530 @@ -339,6 +339,7 @@ struct rdma_cm_id* rdma_create_id(rdma_c atomic_set(&id_priv->dev_remove, 0); INIT_LIST_HEAD(&id_priv->listen_list); INIT_LIST_HEAD(&id_priv->mc_list); + INIT_LIST_HEAD(&id_priv->list); get_random_bytes(&id_priv->seq_num, sizeof id_priv->seq_num); return &id_priv->id;

_______________________________________________
openib-general mailing list
openib-general@openib.org
http://openib.org/mailman/listinfo/openib-general
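
Review bot: the new INIT_LIST_HEAD(&id_priv->list) line in rdma_create_id() only protects the first list_del() on an id that was never queued, because list_del() poisons the entry's next/prev pointers afterwards. If cma_cancel_listen() can run a second time on the same id, or the id can be listened on again after a cancel, use list_del_init() at the removal site or guard the removal with a list_empty(&id_priv->list) check. The added line also deserves a one-line comment: it sits directly under two genuine list heads (listen_list, mc_list) and reads like a third, while the description says list is an element that may not be on any list and is initialised here only so that a later removal is safe.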