From: Michael S. Tsirkin Date: Wed, 26 Jul 2006 13:02:53 +0000 (+0300) Subject: IB/mthca: Fix mthca_array_clear() thinko X-Git-Tag: v2.6.18-rc4~56 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=bf74c7479ef47652005a2418eeb0d867451690da;p=linux-2.6-omap-h63xx.git IB/mthca: Fix mthca_array_clear() thinko mthca_array_clear() does not clear the slot if the used count is positive. This leads to crashes in mthca_qp_event() since that uses mthca_array_get() to check that the qp is valid. Discovered by Ali Ayoub. Signed-off-by: Michael S. Tsirkin Signed-off-by: Roland Dreier --- diff --git a/drivers/infiniband/hw/mthca/mthca_allocator.c b/drivers/infiniband/hw/mthca/mthca_allocator.c index 9ba3211cef7..848e583273d 100644 --- a/drivers/infiniband/hw/mthca/mthca_allocator.c +++ b/drivers/infiniband/hw/mthca/mthca_allocator.c @@ -144,7 +144,9 @@ void mthca_array_clear(struct mthca_array *array, int index) if (--array->page_list[p].used == 0) { free_page((unsigned long) array->page_list[p].page); array->page_list[p].page = NULL; - } + } else + array->page_list[p].page[index & (PAGE_SIZE / + sizeof (void *) - 1)] = NULL; if (array->page_list[p].used < 0) pr_debug("Array %p index %d page %d with ref count %d < 0\n",