On Thu, 2010-02-25 at 12:15 -0800, Roland Dreier wrote:
> > When using connected mode, ipoib_cm_create_tx() kmallocs a
> > struct ipoib_cm_tx which contains pointers to ipoib_neigh and
> > ipoib_path. If the paths are flushed or the struct neighbour is
> > destroyed, the pointers held by struct
On Thu, 2010-02-25 at 12:03 -0800, Arthur Kepner wrote:
> On Thu, Feb 25, 2010 at 11:29:02AM -0800, Ralph Campbell wrote:
> >
>
> I haven't looked carefully at the whole patch, but this bit
> looks wrong:
>
> > @@ -848,61 +823,112 @@ static void ipoib_neigh_cleanup(struct neighbour *n)
> >
On Thu, Feb 25, 2010 at 11:29:02AM -0800, Ralph Campbell wrote:
>
I haven't looked carefully at the whole patch, but this bit
looks wrong:
> @@ -848,61 +823,112 @@ static void ipoib_neigh_cleanup(struct neighbour *n)
> struct ipoib_neigh *neigh;
> struct ipoib_dev_priv *priv =
> When using connected mode, ipoib_cm_create_tx() kmallocs a
> struct ipoib_cm_tx which contains pointers to ipoib_neigh and
> ipoib_path. If the paths are flushed or the struct neighbour is
> destroyed, the pointers held by struct ipoib_cm_tx can reference
> freed memory. The fix is to add re
>From 4a2f3a9685fd82b57e75a31d04d6967d7d9b33c2 Mon Sep 17 00:00:00 2001
From: Ralph Campbell
Date: Thu, 25 Feb 2010 11:22:02 -0800
Subject: [PATCH] IB/ipoib: fix dangling pointer references to ipoib_neigh and
ipoib_path
When using connected mode, ipoib_cm_create_tx() kmallocs a
str
