From 73728763666a46df5789af93b50db53cdf64afd6 Mon Sep 17 00:00:00 2001 From: Sean Hefty Date: Fri, 10 Apr 2009 08:07:44 -0700 Subject: [PATCH] The IBAL-SCM provider will run into an inifinite loop if the check for cr->socket > SCM_MAX_CONN - 1 fails. The code continues back to the start of the while loop without moving to the next connection request entry in the list. Signed-off-by: Sean Hefty --- dapl/ibal-scm/dapl_ibal-scm_cm.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dapl/ibal-scm/dapl_ibal-scm_cm.c b/dapl/ibal-scm/dapl_ibal-scm_cm.c index 6a050b8..408dc9a 100644 --- a/dapl/ibal-scm/dapl_ibal-scm_cm.c +++ b/dapl/ibal-scm/dapl_ibal-scm_cm.c @@ -1502,14 +1502,14 @@ void cr_thread(void *arg) while (next_cr) { cr = next_cr; + next_cr = dapl_llist_next_entry((DAPL_LLIST_HEAD*) + &hca_ptr->ib_trans.list, + (DAPL_LLIST_ENTRY*)&cr->entry); //dapl_dbg_log (DAPL_DBG_TYPE_CM," CR_thread: cm_ptr %p\n", cr ); if (cr->l_socket == -1 || hca_ptr->ib_trans.cr_state != IB_THREAD_RUN) { dapl_dbg_log(DAPL_DBG_TYPE_CM," thread: Freeing %p\n", cr); - next_cr = dapl_llist_next_entry((DAPL_LLIST_HEAD*) - &hca_ptr->ib_trans.list, - (DAPL_LLIST_ENTRY*)&cr->entry); dapl_llist_remove_entry((DAPL_LLIST_HEAD*) &hca_ptr->ib_trans.list, (DAPL_LLIST_ENTRY*)&cr->entry); @@ -1517,6 +1517,9 @@ void cr_thread(void *arg) continue; } + if (cr->socket == -1) { + continue; + } if (cr->socket > SCM_MAX_CONN-1) { dapl_dbg_log(DAPL_DBG_TYPE_ERR, "SCM ERR: cr->socket(%d) exceeded FD_SETSIZE %d\n", @@ -1559,9 +1562,6 @@ void cr_thread(void *arg) } } dapl_os_lock( &hca_ptr->ib_trans.lock ); - next_cr = dapl_llist_next_entry((DAPL_LLIST_HEAD*) - &hca_ptr->ib_trans.list, - (DAPL_LLIST_ENTRY*)&cr->entry ); } dapl_os_unlock( &hca_ptr->ib_trans.lock ); -- 2.46.0