From c9e65383a20d9a656db70efbf67e57f8115ad776 Mon Sep 17 00:00:00 2001 From: Chris Mason Date: Tue, 11 May 2010 15:14:16 -0700 Subject: rds: Fix RDMA message reference counting The RDS send_xmit code was trying to get fancy with message counting and was dropping the final reference on the RDMA messages too early. This resulted in memory corruption and oopsen. The fix here is to always add a ref as the parts of the message passes through rds_send_xmit, and always drop a ref as the parts of the message go through completion handling. Signed-off-by: Chris Mason --- net/rds/ib_send.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'net/rds/ib_send.c') diff --git a/net/rds/ib_send.c b/net/rds/ib_send.c index 657037d96cbf..82459e52c771 100644 --- a/net/rds/ib_send.c +++ b/net/rds/ib_send.c @@ -268,11 +268,12 @@ void rds_ib_send_cq_comp_handler(struct ib_cq *cq, void *context) if (send->s_queued + HZ/2 < jiffies) rds_ib_stats_inc(s_ib_tx_stalled); - if (&send->s_op == &rm->m_final_op) { - /* If anyone waited for this message to get flushed out, wake - * them up now */ - rds_message_unmapped(rm); - + if (send->s_op) { + if (send->s_op == rm->m_final_op) { + /* If anyone waited for this message to get flushed out, wake + * them up now */ + rds_message_unmapped(rm); + } rds_message_put(rm); send->s_op = NULL; } -- cgit v1.2.2