IPoIB: Close race in ipoib_flush_paths()
authorEli Cohen <eli@mellanox.co.il>
Wed, 5 Apr 2006 12:59:34 +0000 (15:59 +0300)
committerRoland Dreier <rolandd@cisco.com>
Mon, 10 Apr 2006 16:43:59 +0000 (09:43 -0700)
ib_sa_cancel_query() must be called with priv->lock held since
a completion might arrive and set path->query to NULL.

Signed-off-by: Eli Cohen <eli@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
drivers/infiniband/ulp/ipoib/ipoib_main.c

index 5bf7e263454bb1475a8000cf7bb4195c818b5e05..996c6e16a46d49ecc135a745ca65f003e0c5aeda 100644 (file)
@@ -346,14 +346,15 @@ void ipoib_flush_paths(struct net_device *dev)
        list_for_each_entry(path, &remove_list, list)
                rb_erase(&path->rb_node, &priv->path_tree);
 
-       spin_unlock_irqrestore(&priv->lock, flags);
-
        list_for_each_entry_safe(path, tp, &remove_list, list) {
                if (path->query)
                        ib_sa_cancel_query(path->query_id, path->query);
+               spin_unlock_irqrestore(&priv->lock, flags);
                wait_for_completion(&path->done);
                path_free(dev, path);
+               spin_lock_irqsave(&priv->lock, flags);
        }
+       spin_unlock_irqrestore(&priv->lock, flags);
 }
 
 static void path_rec_completion(int status,