On Thu, 7 Mar 2019 01:53:44 -0800
Ira Weiny <ira.weiny@xxxxxxxxx> wrote:
> Doesn't aliasguid_query_handler() get called from send_handler()?
> Which means that this kfree() will delete the query before
> send_handler is done with it?
Thanks for catching this, Ira! My bad.
It is worse than you indicate above, unfortunately.
The query-response mad protocol requires that the (response) receive
callback be invoked before the (query) send callback. See function
ib_mad_complete_recv() in file core/mad.c.
This means that aliasguid_query_handler has already been invoked by
recv_handler -- and the query context already has been deleted.
Thus, since query has been deleted, in function send_handler() in
file sa_query.c we need to avoid the initial "if" with success:
if (query->callback) <== CANNOT DO THIS WITH SUCCESS STATUS
switch (mad_send_wc->status) {
case IB_WC_SUCCESS:
/* No callback -- already got recv */
break;
Jason has some suggestions which I am looking at.
-Jack
