diff options
| author | Shlomo Pongratz <shlomop@mellanox.com> | 2013-02-04 15:29:10 +0000 | 
|---|---|---|
| committer | Roland Dreier <roland@purestorage.com> | 2013-02-05 09:35:06 -0800 | 
| commit | 7e5a90c25f89128c096dbdb0e5451962438b1e05 (patch) | |
| tree | 0f7547c36c7d7ab5ed33a2922c18e452b1b627c7 /lib/cpu-notifier-error-inject.c | |
| parent | 949db153b6466c6f7cad5a427ecea94985927311 (diff) | |
IPoIB: Fix crash due to skb double destruct
After commit b13912bbb4a2 ("IPoIB: Call skb_dst_drop() once skb is
enqueued for sending"), using connected mode and running multithreaded
iperf for long time, ie
    iperf -c <IP> -P 16 -t 3600
results in a crash.
After the above-mentioned patch, the driver is calling skb_orphan() and
skb_dst_drop() after calling post_send() in ipoib_cm.c::ipoib_cm_send()
(also in ipoib_ib.c::ipoib_send())
The problem with this is, as is written in a comment in both routines,
"it's entirely possible that the completion handler will run before we
execute anything after the post_send()."  This leads to running the
skb cleanup routines simultaneously in two different contexts.
The solution is to always perform the skb_orphan() and skb_dst_drop()
before queueing the send work request.  If an error occurs, then it
will be no different than the regular case where dev_free_skb_any() in
the completion path, which is assumed to be after these two routines.
Signed-off-by: Shlomo Pongratz <shlomop@mellanox.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Diffstat (limited to 'lib/cpu-notifier-error-inject.c')
0 files changed, 0 insertions, 0 deletions
