On Wed, Oct 28, 2015 at 09:44:27AM -0400, kaike.wan@xxxxxxxxx wrote:
> ret = ib_nl_send_msg(query);
> + spin_lock_irqsave(&ib_nl_request_lock, flags);
Looks like query could be kfree'd before ib_nl_send_msg returns, eg by
send_handler?
> if (ret <= 0) {
> ret = -EIO;
> - goto request_out;
> + /* Remove the request */
> + list_del(&query->list);
This one is probably OK iff nl_send_msg cannot call send_handler if it
returns error, which looks true.
> } else {
> ret = 0;
> + /* Start the timeout if this is the only request */
> + if (ib_nl_request_list.next == &query->list)
This one looks sketchy. Maybe move this to the first locking block? A
extra timer on send error is not important enough to worry about..
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
