Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e4f50f00 authored by Roland Dreier's avatar Roland Dreier Committed by Linus Torvalds
Browse files

[PATCH] IB: allow NULL sa_query callbacks 



Check if a client passes a NULL callback into an SA query, and if so, never
call back.  This fixes an oops if someone unloads ib_ipoib and ib_sa in
rapid succession.  ib_ipoib does an MCMember delete with a NULL callback
and 0 timeout on unload, which is usually fine since the delete completes
successfully.  However, if ib_sa is unloaded immediately afterwards, the
delete will be canceled and ib_sa will try to call the (now already
unloaded) ib_ipoib module back with the cancel completion, which triggers
the oops.

Signed-off-by: default avatarRoland Dreier <roland@topspin.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 4f60fdf6

drivers/infiniband/core/sa_query.c

+18 −17
Original line number Original line Diff line number Diff line
@@ -587,7 +587,7 @@ int ib_sa_path_rec_get(struct ib_device *device, u8 port_num, 




	init_mad(query->sa_query.mad, agent);

	init_mad(query->sa_query.mad, agent);





	query->sa_query.callback              = ib_sa_path_rec_callback;

	query->sa_query.callback              = callback ? ib_sa_path_rec_callback : NULL;

	query->sa_query.release               = ib_sa_path_rec_release;

	query->sa_query.release               = ib_sa_path_rec_release;

	query->sa_query.port                  = port;

	query->sa_query.port                  = port;

	query->sa_query.mad->mad_hdr.method   = IB_MGMT_METHOD_GET;

	query->sa_query.mad->mad_hdr.method   = IB_MGMT_METHOD_GET;
@@ -663,7 +663,7 @@ int ib_sa_mcmember_rec_query(struct ib_device *device, u8 port_num, 




	init_mad(query->sa_query.mad, agent);

	init_mad(query->sa_query.mad, agent);





	query->sa_query.callback              = ib_sa_mcmember_rec_callback;

	query->sa_query.callback              = callback ? ib_sa_mcmember_rec_callback : NULL;

	query->sa_query.release               = ib_sa_mcmember_rec_release;

	query->sa_query.release               = ib_sa_mcmember_rec_release;

	query->sa_query.port                  = port;

	query->sa_query.port                  = port;

	query->sa_query.mad->mad_hdr.method   = method;

	query->sa_query.mad->mad_hdr.method   = method;
@@ -698,6 +698,7 @@ static void send_handler(struct ib_mad_agent *agent, 
	if (!query)

	if (!query)

		return;

		return;





	if (query->callback)

		switch (mad_send_wc->status) {

		switch (mad_send_wc->status) {

		case IB_WC_SUCCESS:

		case IB_WC_SUCCESS:

			/* No callback -- already got recv */

			/* No callback -- already got recv */
@@ -736,7 +737,7 @@ static void recv_handler(struct ib_mad_agent *mad_agent, 
	query = idr_find(&query_idr, mad_recv_wc->wc->wr_id);

	query = idr_find(&query_idr, mad_recv_wc->wc->wr_id);

	spin_unlock_irqrestore(&idr_lock, flags);

	spin_unlock_irqrestore(&idr_lock, flags);





	if (query) {

	if (query && query->callback) {

		if (mad_recv_wc->wc->status == IB_WC_SUCCESS)

		if (mad_recv_wc->wc->status == IB_WC_SUCCESS)

			query->callback(query,

			query->callback(query,

					mad_recv_wc->recv_buf.mad->mad_hdr.status ?

					mad_recv_wc->recv_buf.mad->mad_hdr.status ?