sdp: sdp_destroy_qp should be protected in destroy work

author Amir Vadai <amirv@mellanox.co.il>

Wed, 23 Jun 2010 08:07:36 +0000 (11:07 +0300)

committer Mukesh Kacker <mukesh.kacker@oracle.com>

Tue, 6 Oct 2015 12:05:06 +0000 (05:05 -0700)
author Amir Vadai <amirv@mellanox.co.il>
Wed, 23 Jun 2010 08:07:36 +0000 (11:07 +0300)
committer Mukesh Kacker <mukesh.kacker@oracle.com>
Tue, 6 Oct 2015 12:05:06 +0000 (05:05 -0700)
diff --git a/drivers/infiniband/ulp/sdp/sdp_main.c b/drivers/infiniband/ulp/sdp/sdp_main.c

index 7521478a7f085116365f07ca2ac3bb1882f08631..46b517272b61f9996597a4ff6087ee522d7a3b4b 100644 (file)
--- a/drivers/infiniband/ulp/sdp/sdp_main.c
+++ b/drivers/infiniband/ulp/sdp/sdp_main.c
@@ -1027,14 +1027,18 @@ static void sdp_destroy_work(struct work_struct *work)
         struct sock *sk = &ssk->isk.sk;
         sdp_dbg(sk, "%s: refcnt %d\n", __func__, atomic_read(&sk->sk_refcnt));
  
+       lock_sock(sk);
         sdp_destroy_qp(ssk);
+       release_sock(sk);
  
         /* Can be sure that rx_comp_work won't be queued from here cause
          * ssk->rx_ring.cq is NULL from here
          */
         cancel_work_sync(&ssk->rx_comp_work);
  
+       lock_sock(sk);
         memset((void *)&ssk->id, 0, sizeof(*ssk) - offsetof(typeof(*ssk), id));
+       release_sock(sk);
  
         sdp_cancel_dreq_wait_timeout(ssk);
  
@@ -1045,10 +1049,13 @@ static void sdp_destroy_work(struct work_struct *work)
                         sock_put(sk, SOCK_REF_CMA);
         }
  
+       lock_sock(sk);
         /* In normal close current state is TCP_TIME_WAIT or TCP_CLOSE
            but if a CM connection is dropped below our legs state could
            be any state */
         sdp_exch_state(sk, ~0, TCP_CLOSE);
+       release_sock(sk);
+
         sock_put(sk, SOCK_REF_RESET);
  }
author	Amir Vadai <amirv@mellanox.co.il>
	Wed, 23 Jun 2010 08:07:36 +0000 (11:07 +0300)
committer	Mukesh Kacker <mukesh.kacker@oracle.com>
	Tue, 6 Oct 2015 12:05:06 +0000 (05:05 -0700)