Hi Sean,
> Let's try something like this then (untested):
>
> diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
> index 18a4366..0d06431 100755
> --- a/drivers/infiniband/core/cma.c
> +++ b/drivers/infiniband/core/cma.c
> @@ -1859,16 +1859,20 @@ int rdma_bind_addr(struct rdma_cm_id *id
> mutex_unlock(&lock);
> }
> if (ret)
> - goto err;
> + goto err1;
> }
>
> memcpy(&id->route.addr.src_addr, addr, ip_addr_size(addr));
> ret = cma_get_port(id_priv);
> if (ret)
> - goto err;
> + goto err2;
>
> return 0;
> -err:
> +err2:
> + mutex_lock(&lock);
> + cma_detach_from_dev(id_priv);
> + mutex_unlock(&lock);
> +err1:
> cma_comp_exch(id_priv, CMA_ADDR_BOUND, CMA_IDLE);
> return ret;
> }
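Review bot: The numbered labels `err1:` and `err2:` at the end of rdma_bind_addr() do not say what each one unwinds, which makes the error paths harder to audit as more `goto`s are added. Names that describe the action, for example `err_detach:` for the block that calls `cma_detach_from_dev()` under `lock` and `err_idle:` for the `cma_comp_exch(id_priv, CMA_ADDR_BOUND, CMA_IDLE)` reset, would show at each `goto` which cleanup runs. A one-line comment above the first label, such as `/* undo the device attach, then fall through to reset the state */`, would document the fall-through. The function's body starts outside the hunk, so the steps these labels pair with are not visible here.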
This will mean that a deref is wrongly done if a loopback or zero address is passed to this function, without it having done a ref inc. I do think this case requires a variable to indicate whether a ref was got or not. Assuming that is true, I will submit a patch with your comment about holding the lock. thanks, - KK
