• Michael S. Tsirkin's avatar
    IPoIB: Fix multicast race between canceling and completing · 9acf6a85
    Michael S. Tsirkin authored
    ipoib_mcast_stop_thread currently tests mcast->query and if it is
    NULL, does not perform wait_for_completion on the mcast and frees the
    mcast object directly.
    
    However, since both operations are done without locking, it is
    possible that ipoib_mcast_join_complete is in progress on this mcast
    object and has set mcast->query to NULL already.
    
    Solve this by:
    - taking priv->lock before we change mcast->query in ipoib_mcast_join_complete,
      and keeping it until we no longer need the mcast object
    - taking priv->lock around mcast->query test in ipoib_mcast_stop_thread
    Signed-off-by: default avatarMichael S. Tsirkin <mst@mellanox.co.il>
    Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
    9acf6a85
ipoib_multicast.c 25.9 KB