> --- a/drivers/infiniband/ulp/ipoib/ipoib_ib.c
> +++ b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
> @@ -57,21 +57,24 @@ struct ipoib_ah *ipoib_create_ah(struct net_device *dev,
>                                struct ib_pd *pd, struct ib_ah_attr *attr)
>  {
>       struct ipoib_ah *ah;
> +     struct ib_ah *vah;
> 
>       ah = kmalloc(sizeof *ah, GFP_KERNEL);
>       if (!ah)
> -             return NULL;
> +             return ERR_PTR(-ENOMEM);
> 
>       ah->dev       = dev;
>       ah->last_send = 0;
>       kref_init(&ah->ref);
> 
> -     ah->ah = ib_create_ah(pd, attr);
> -     if (IS_ERR(ah->ah)) {
> +     vah = ib_create_ah(pd, attr);
> +     if (IS_ERR(vah)) {
>               kfree(ah);
> -             ah = NULL;
> -     } else
> +             ah = (struct ipoib_ah *)vah;
> +     } else {
> +             ah->ah = vah;

This needs to be fixed.  ah is freed, assigned an error code, then
dereferenced.

N�����r��y����b�X��ǧv�^�)޺{.n�+����{��ٚ�{ay�ʇڙ�,j��f���h���z��w���
���j:+v���w�j�m��������zZ+�����ݢj"��!�i
