From: Ursula Braun <ubraun@xxxxxxxxxxxxx>
Date: Tue, 23 Oct 2018 15:48:05 +0200
> @@ -315,6 +314,8 @@ static void smc_buf_unuse(struct smc_connection *conn)
> /* remove a finished connection from its link group */
> void smc_conn_free(struct smc_connection *conn)
> {
> + struct smc_link_group *lgr;
> +
> if (!conn->lgr)
> return;
> if (conn->lgr->is_smcd) {
> @@ -323,8 +324,9 @@ void smc_conn_free(struct smc_connection *conn)
> } else {
> smc_cdc_tx_dismiss_slots(conn);
> }
> + lgr = conn->lgr; /* smc_lgr_unregister_conn() unsets lgr */
> smc_lgr_unregister_conn(conn);
> - smc_buf_unuse(conn);
> + smc_buf_unuse(conn, lgr);
> }
This doesn't make any sense.
smc_lgr_unregister_conn() can free the memory and release the object,
albeit sometimes asynchronously via a workqueue.
It is not safe, therefore, to refrence the lgr object after that
function call.
I'm not applying this, sorry.
