RDMA/nes: Async event for closed QP causes crash
authorFaisal Latif <faisal.latif@intel.com>
Fri, 21 May 2010 21:55:03 +0000 (16:55 -0500)
committerRoland Dreier <rolandd@cisco.com>
Tue, 25 May 2010 04:12:54 +0000 (21:12 -0700)
Under abnormal termination, modify_qp() closes the QP, and async event
(AE) handling also attempts to close the same QP, causing a crash.
Fix this by checking the state of the QP before processing the AE.

Signed-off-by: Faisal Latif <faisal.latif@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
drivers/infiniband/hw/nes/nes_hw.c

index 86acb7d570643552405c006322d15bdc0dc30f94..bb9c77504fe265fe2ad96c6d40e73c73226fd804 100644 (file)
@@ -3422,6 +3422,7 @@ static void nes_process_iwarp_aeqe(struct nes_device *nesdev,
        struct nes_adapter *nesadapter = nesdev->nesadapter;
        u32 aeq_info;
        u32 next_iwarp_state = 0;
+       u32 aeqe_cq_id;
        u16 async_event_id;
        u8 tcp_state;
        u8 iwarp_state;
@@ -3449,6 +3450,14 @@ static void nes_process_iwarp_aeqe(struct nes_device *nesdev,
                        le32_to_cpu(aeqe->aeqe_words[NES_AEQE_COMP_QP_CQ_ID_IDX]), aeqe,
                        nes_tcp_state_str[tcp_state], nes_iwarp_state_str[iwarp_state]);
 
+       aeqe_cq_id = le32_to_cpu(aeqe->aeqe_words[NES_AEQE_COMP_QP_CQ_ID_IDX]);
+       if (aeq_info & NES_AEQE_QP) {
+               if ((!nes_is_resource_allocated(nesadapter, nesadapter->allocated_qps,
+                               aeqe_cq_id)) ||
+                               (atomic_read(&nesqp->close_timer_started)))
+                       return;
+       }
+
        switch (async_event_id) {
                case NES_AEQE_AEID_LLP_FIN_RECEIVED:
                        if (nesqp->term_flags)