> > + next_id = (unsigned)id + 1;
> >
> > what happens when this wraps and becomes negative?
>
> in fact the idr stuff all works with plain signed ints -- could
> idr_get_new() ever give a negative id? (too lazy to look at the
> source right now)

A quick look makes it look like idr stuff is *really* not designed to get a negative input: and note that old code has the wrap-around problem, too.

So, I think the following would be a better fix: Hmm?

Signed-off-by: Michael S. Tsirkin <[EMAIL PROTECTED]>

diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c index eff591d..5e77b01 100644 --- a/drivers/infiniband/core/cm.c +++ b/drivers/infiniband/core/cm.c @@ -306,7 +306,9 @@ static int cm_alloc_id(struct cm_id_private *cm_id_priv) do { spin_lock_irqsave(&cm.lock, flags); ret = idr_get_new_above(&cm.local_id_table, cm_id_priv, - next_id++, &id); + next_id, &id); + if (!ret) + next_id = id == 0x7ffffff ? 0 : id + 1; spin_unlock_irqrestore(&cm.lock, flags); } while( (ret == -EAGAIN) && idr_pre_get(&cm.local_id_table, GFP_KERNEL) );

-- MST
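
Review bot: the wrap test in `next_id = id == 0x7ffffff ? 0 : id + 1;` compares against 0x7ffffff, which has seven f's (2^27 - 1), not 0x7fffffff (INT_MAX). Because it is an equality test, an id handed out above that value skips the reset, and if `id` is a signed int (as the `(unsigned)id` cast in the quoted earlier version suggests) `id + 1` can still overflow at INT_MAX, which is the wrap-around this thread is about. If the intent is to wrap before the signed maximum, compare against INT_MAX or a named constant for the largest valid id, and consider `>=` instead of `==` so a missed value cannot skip the reset; parenthesizing the condition would also make the ternary easier to read. Separately, `next_id` now advances only when `ret` is 0, so a short comment saying that the -EAGAIN retry deliberately reuses the same starting id would help the next reader.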