On Mon, Mar 29, 2021 at 09:41:01AM -0300, Jason Gunthorpe wrote:
> On Thu, Mar 18, 2021 at 12:03:06PM +0200, Leon Romanovsky wrote:
>
> > +static void cm_send_free_msg(struct ib_mad_send_buf *msg)
> > +{
> > + struct cm_id_private *cm_id_priv;
> > +
> > + cm_id_priv = msg->context[0];
> > + if (!cm_id_priv || cm_id_priv->msg != msg) {
> > + cm_free_msg(msg);
> > + return;
> > + }
> > +
> > + spin_lock_irq(&cm_id_priv->lock);
> > + cm_free_msg(msg);
> > + cm_id_priv->msg = NULL;
> > + spin_unlock_irq(&cm_id_priv->lock);
> > +}
>
> Either the whole sequence should be inside the lock or nothing should
> be in the lock..

I see the race now, thanks for pointing it out.

> Oh this is all messed up and needs a big fix. Review and include this
> in the series and drop the above function.
>
> https://github.com/jgunthorpe/linux/commits/for-markz

We will take a look at it.

Thanks

>
> Jason
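
Review bot: the test "cm_id_priv->msg != msg" in cm_send_free_msg() reads cm_id_priv->msg before spin_lock_irq(&cm_id_priv->lock) is taken, while the later "cm_id_priv->msg = NULL" is done under that lock, so the field can change between the check and the locked section and the decision made on it may be stale by the time the pointer is cleared. Either take the lock before the comparison so that the check, cm_free_msg(msg) and the clearing form one critical section, or, if cm_id_priv->msg does not need this lock, drop the locking here; a short comment stating what cm_id_priv->lock protects in this path would make the intent reviewable.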