Re: [openib-general] NULL ptr derefence

Thu, 14 Apr 2005 12:25:01 -0700 

I think I have this figured out: if you unload ib_ipoib and
ib_sa_query in quick succession, ib_ipoib sends MCMember requests to
the SA to leave its multicast groups.  Normally, because IPoIB sets a
timeout of 0, no callback is generated and so it's fine that IPoIB
passes a NULL callback.  However, if ib_sa_query is unloaded right
afterwards, the send of the request doesn't get a chance to complete
and so a cancel callback is generated.

If this crash is at all reproducible for you, can you try this patch
and see if it helps?

Thanks,
  Roland

--- infiniband/core/sa_query.c  (revision 1781)
+++ infiniband/core/sa_query.c  (working copy)
@@ -587,7 +587,7 @@
 
        init_mad(query->sa_query.mad, agent);
 
-       query->sa_query.callback              = ib_sa_path_rec_callback;
+       query->sa_query.callback              = callback ? 
ib_sa_path_rec_callback : NULL;
        query->sa_query.release               = ib_sa_path_rec_release;
        query->sa_query.port                  = port;
        query->sa_query.mad->mad_hdr.method   = IB_MGMT_METHOD_GET;
@@ -663,7 +663,7 @@
 
        init_mad(query->sa_query.mad, agent);
 
-       query->sa_query.callback              = ib_sa_mcmember_rec_callback;
+       query->sa_query.callback              = callback ? 
ib_sa_mcmember_rec_callback : NULL;
        query->sa_query.release               = ib_sa_mcmember_rec_release;
        query->sa_query.port                  = port;
        query->sa_query.mad->mad_hdr.method   = method;
@@ -698,20 +698,21 @@
        if (!query)
                return;
 
-       switch (mad_send_wc->status) {
-       case IB_WC_SUCCESS:
-               /* No callback -- already got recv */
-               break;
-       case IB_WC_RESP_TIMEOUT_ERR:
-               query->callback(query, -ETIMEDOUT, NULL);
-               break;
-       case IB_WC_WR_FLUSH_ERR:
-               query->callback(query, -EINTR, NULL);
-               break;
-       default:
-               query->callback(query, -EIO, NULL);
-               break;
-       }
+       if (query->callback)
+               switch (mad_send_wc->status) {
+               case IB_WC_SUCCESS:
+                       /* No callback -- already got recv */
+                       break;
+               case IB_WC_RESP_TIMEOUT_ERR:
+                       query->callback(query, -ETIMEDOUT, NULL);
+                       break;
+               case IB_WC_WR_FLUSH_ERR:
+                       query->callback(query, -EINTR, NULL);
+                       break;
+               default:
+                       query->callback(query, -EIO, NULL);
+                       break;
+               }
 
        dma_unmap_single(agent->device->dma_device,
                         pci_unmap_addr(query, mapping),
@@ -736,7 +737,7 @@
        query = idr_find(&query_idr, mad_recv_wc->wc->wr_id);
        spin_unlock_irqrestore(&idr_lock, flags);
 
-       if (query) {
+       if (query && query->callback) {
                if (mad_recv_wc->wc->status == IB_WC_SUCCESS)
                        query->callback(query,
                                        
mad_recv_wc->recv_buf.mad->mad_hdr.status ?
_______________________________________________
openib-general mailing list
[email protected]
http://openib.org/mailman/listinfo/openib-general

To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general

Reply via email to