korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-14 06:24:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
37289efe3e
linux/drivers
History
Michael S. Tsirkin 37289efe3e IB/mad: fix oops in cancel_mads 
We have seen the following OOPs in cancel_mads, when restarting opensm
multiple times:

    Call Trace:
      [<c010549b>] show_stack+0x9b/0xb0
      [<c01055ec>] show_registers+0x11c/0x190
      [<c01057cd>] die+0xed/0x160
      [<c031b966>] do_page_fault+0x3f6/0x5d0
      [<c010511f>] error_code+0x4f/0x60
      [<f8ac4e38>] cancel_mads+0x128/0x150 [ib_mad]
      [<f8ac2811>] unregister_mad_agent+0x11/0x130 [ib_mad]
      [<f8ac2a12>] ib_unregister_mad_agent+0x12/0x20 [ib_mad]
      [<f8b10f23>] ib_umad_close+0xf3/0x130 [ib_umad]
      [<c0162937>] __fput+0x187/0x1c0
      [<c01627a9>] fput+0x19/0x20
      [<c0160f7a>] filp_close+0x3a/0x60
      [<c0121ca8>] put_files_struct+0x68/0xa0
      [<c0103cf7>] do_signal+0x47/0x100
      [<c0103ded>] do_notify_resume+0x3d/0x40
      [<c0103f9e>] work_notifysig+0x13/0x25

We traced this back to local_completions unlocking mad_agent_priv->lock
while still keeping a pointer into local_list. A later call to
list_del(&local->completion_list) would then corrupt the list.

To fix this, remove the entry from local_list after looking it up but
before releasing mad_agent_priv->lock, to prevent cancel_mads from
finding and freeing it.

Signed-off-by: Jack Morgenstein <jackm@mellanox.co.il>
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-04-02 14:39:19 -07:00
..
acorn
acpi [PATCH] Don't pass boot parameters to argv_init[] 2006-03-31 12:18:53 -08:00
amba
atm [PATCH] Replace 0xff.. with correct DMA_xBIT_MASK 2006-03-28 09:16:07 -08:00
base [PATCH] Notifier chain update: API changes 2006-03-27 08:44:50 -08:00
block [PATCH] Don't pass boot parameters to argv_init[] 2006-03-31 12:18:53 -08:00
bluetooth [PATCH] pcmcia: use bitfield instead of p_state and state 2006-03-31 17:26:33 +02:00
cdrom [PATCH] Remove MODULE_PARM 2006-03-25 08:22:52 -08:00
char Merge master.kernel.org:/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog 2006-04-02 13:01:11 -07:00
connector [PATCH] sem2mutex: drivers: raw, connector, dcdbas, ppp_generic 2006-03-23 07:38:10 -08:00
cpufreq [CPUFREQ] cpufreq_conservative: keep ignore_nice_load and freq_step values when reselected 2006-03-28 12:20:18 -05:00
crypto [CRYPTO] api: Align tfm context as wide as possible 2006-03-21 20:14:08 +11:00
dio [PATCH] hp300: fix driver_register() return handling, remove dio_module_init() 2006-03-25 08:22:53 -08:00
edac [PATCH] edac_752x needs CONFIG_HOTPLUG 2006-03-31 12:18:54 -08:00
eisa [PATCH] EISA: Ignore generated file drivers/eisa/devlist.h 2006-03-25 08:23:01 -08:00
fc4
firmware [PATCH] Notifier chain update: API changes 2006-03-27 08:44:50 -08:00
hwmon [PATCH] revert incorrect mutex conversion in hdaps driver 2006-04-02 13:02:05 -07:00
i2c [PATCH] RTC subsystem: I2C cleanup 2006-03-27 08:44:51 -08:00
ide Merge master.kernel.org:/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2006-04-02 12:49:59 -07:00
ieee1394 [PATCH] sbp2: fix spinlock recursion 2006-04-02 12:58:09 -07:00
infiniband IB/mad: fix oops in cancel_mads 2006-04-02 14:39:19 -07:00
input Input: synaptics - limit rate to 40pps on Toshiba Protege M300 2006-04-02 00:10:18 -05:00
isdn Merge master.kernel.org:/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2006-04-02 12:49:59 -07:00
leds [PATCH] LED: Add IDE disk activity LED trigger 2006-03-31 12:18:57 -08:00
macintosh Merge ../linux-2.6 2006-03-29 13:24:50 +11:00
mca
md BUG_ON() Conversion in md/raid10.c 2006-04-02 13:34:29 +02:00
media V4L/DVB (3667b): cpia2: fix function prototype 2006-04-02 05:02:33 -03:00
message [PATCH] mark f_ops const in the inode 2006-03-28 09:16:05 -08:00
mfd [PATCH] show MCP menu only on ARCH_SA1100 2006-03-24 07:33:28 -08:00
misc [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
mmc [MMC] Pass -DDEBUG on compiler command line if MMC_DEBUG selected 2006-03-29 09:30:20 +01:00
mtd Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-04-02 12:58:45 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-04-02 12:58:45 -07:00
nubus
oprofile [PATCH] mark f_ops const in the inode 2006-03-28 09:16:05 -08:00
parisc [PARISC] I/O-Space must be ioremap_nocache()'d 2006-03-30 17:48:42 +00:00
parport [PATCH] pcmcia: use bitfield instead of p_state and state 2006-03-31 17:26:33 +02:00
pci [PATCH] sem2mutex: misc static one-file mutexes 2006-03-26 08:56:55 -08:00
pcmcia Merge master.kernel.org:/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2006-04-02 12:49:59 -07:00
pnp [PATCH] pnp: PNP: adjust pnp_register_driver signature 2006-03-27 08:44:53 -08:00
rapidio
rtc [PATCH] RTC subsystem: M48T86 driver 2006-03-27 08:44:52 -08:00
s390 BUG_ON() Conversion in drivers/s390/net/lcs.c 2006-04-02 13:50:14 +02:00
sbus [SPARC]: Respect vm_page_prot in io_remap_page_range(). 2006-03-22 01:15:13 -08:00
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-04-02 12:58:45 -07:00
serial Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-04-02 12:58:45 -07:00
sh
sn Pull sem2mutex-ioc4 into release branch 2006-03-21 08:17:15 -08:00
spi
tc [PATCH] kill _INLINE_ 2006-03-23 07:38:16 -08:00
telephony [PATCH] pcmcia: use bitfield instead of p_state and state 2006-03-31 17:26:33 +02:00
usb Merge master.kernel.org:/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2006-04-02 12:49:59 -07:00
video [PATCH] fbdev: Remove old radeon driver 2006-03-31 12:19:01 -08:00
w1 fix typos "wich" -> "which" 2006-03-24 18:23:14 +01:00
zorro [PATCH] amiga: fix driver_register() return handling, remove zorro_module_init() 2006-03-25 08:22:53 -08:00
Kconfig [PATCH] LED: add LED class 2006-03-31 12:18:56 -08:00
Makefile Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband 2006-04-02 12:51:22 -07:00