aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/infiniband
diff options
context:
space:
mode:
authorSean Hefty <sean.hefty@intel.com>2007-11-30 17:30:18 -0800
committerRoland Dreier <rolandd@cisco.com>2008-01-25 14:15:31 -0800
commitb61d92d8ae6aa13b17d1c31e69d123879cec2ee2 (patch)
treea6627de06dfccda28a25a5a5f29fc3bcbef50350 /drivers/infiniband
parent9af57b7a2702f2cdf6ae499612e90b0f84bcb393 (diff)
downloadkernel_samsung_smdk4412-b61d92d8ae6aa13b17d1c31e69d123879cec2ee2.zip
kernel_samsung_smdk4412-b61d92d8ae6aa13b17d1c31e69d123879cec2ee2.tar.gz
kernel_samsung_smdk4412-b61d92d8ae6aa13b17d1c31e69d123879cec2ee2.tar.bz2
IB/mad: Fix incorrect access to items on local_list
In cancel_mads(), MADs are moved from the wait_list and local_list to a cancel_list for processing. However, the structures on these two lists are not the same. The wait_list references struct ib_mad_send_wr_private, but local_list references struct ib_mad_local_private. Cancel_mads() treats all items moved to the cancel_list as struct ib_mad_send_wr_private. This leads to a system crash when requests are moved from the local_list to the cancel_list. Fix this by leaving local_list alone. All requests on the local_list have completed are just awaiting processing by a queued worker thread. Bug (crash) reported by Dotan Barak <dotanb@dev.mellanox.co.il>. Problem with local_list access reported by Robert Reynolds <rreynolds@opengridcomputing.com>. Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Diffstat (limited to 'drivers/infiniband')
-rw-r--r--drivers/infiniband/core/mad.c2
1 files changed, 0 insertions, 2 deletions
diff --git a/drivers/infiniband/core/mad.c b/drivers/infiniband/core/mad.c
index 5eace99..fbe16d5 100644
--- a/drivers/infiniband/core/mad.c
+++ b/drivers/infiniband/core/mad.c
@@ -2275,8 +2275,6 @@ static void cancel_mads(struct ib_mad_agent_private *mad_agent_priv)
/* Empty wait list to prevent receives from finding a request */
list_splice_init(&mad_agent_priv->wait_list, &cancel_list);
- /* Empty local completion list as well */
- list_splice_init(&mad_agent_priv->local_list, &cancel_list);
spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
/* Report all cancelled requests */