On Thu, Apr 22, 2021 at 04:08:14PM -0300, Jason Gunthorpe wrote:
> On Wed, Apr 21, 2021 at 02:40:38PM +0300, Leon Romanovsky wrote:
> > @@ -303,20 +304,37 @@ static struct ib_mad_send_buf *cm_alloc_msg(struct cm_id_private *cm_id_priv)
> > struct ib_mad_agent *mad_agent;
> > struct ib_mad_send_buf *m;
> > struct ib_ah *ah;
> > + int ret;
> > +
> > + read_lock(&cm_id_priv->av_rwlock);
> > + if (!cm_id_priv->av.port) {
> > + ret = -EINVAL;
> > + goto out;
> > + }
> >
> > mad_agent = cm_id_priv->av.port->mad_agent;
> > + if (!mad_agent) {
> > + ret = -EINVAL;
> > + goto out;
> > + }
> > +
> > ah = rdma_create_ah(mad_agent->qp->pd, &cm_id_priv->av.ah_attr, 0);
> > - if (IS_ERR(ah))
> > - return (void *)ah;
> > + if (IS_ERR(ah)) {
> > + ret = PTR_ERR(ah);
> > + goto out;
> > + }
> >
> > m = ib_create_send_mad(mad_agent, cm_id_priv->id.remote_cm_qpn,
> > cm_id_priv->av.pkey_index,
> > 0, IB_MGMT_MAD_HDR, IB_MGMT_MAD_DATA,
> > GFP_ATOMIC,
> > IB_MGMT_BASE_VERSION);
> > +
> > + read_unlock(&cm_id_priv->av_rwlock);
> > if (IS_ERR(m)) {
> > rdma_destroy_ah(ah, 0);
> > - return m;
> > + ret = PTR_ERR(m);
> > + goto out;
> > }
> >
> > /* Timeout set by caller if response is expected. */
> > @@ -326,6 +344,10 @@ static struct ib_mad_send_buf *cm_alloc_msg(struct cm_id_private *cm_id_priv)
> > refcount_inc(&cm_id_priv->refcount);
> > m->context[0] = cm_id_priv;
> > return m;
> > +
> > +out:
> > + read_unlock(&cm_id_priv->av_rwlock);
>
> This flow has read_unlock happening twice on error
Ohh, sorry, I will fix.
Thanks
>
> Jason
