From 2767840a5ca73fde62b25e0209aa9269ec4fa7c7 Mon Sep 17 00:00:00 2001 From: Roland Dreier Date: Fri, 10 Oct 2008 15:58:52 -0700 Subject: [PATCH] IPoIB: Always initialize poll_timer to avoid crash on unload ipoib_ib_dev_stop() does del_timer_sync(&priv->poll_timer), but if a P_key for an interface is not found, poll_timer is not initialized, so this leads to a crash or hang. Fix this by moving where poll_timer is initialized to ipoib_ib_dev_init(), which is always called. This fixes . Debugged-by: Yosef Etigin Signed-off-by: Roland Dreier --- drivers/infiniband/ulp/ipoib/ipoib_ib.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/infiniband/ulp/ipoib/ipoib_ib.c b/drivers/infiniband/ulp/ipoib/ipoib_ib.c index 0e748aeeae99..28eb6f03c588 100644 --- a/drivers/infiniband/ulp/ipoib/ipoib_ib.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_ib.c @@ -685,10 +685,6 @@ int ipoib_ib_dev_open(struct net_device *dev) queue_delayed_work(ipoib_workqueue, &priv->ah_reap_task, round_jiffies_relative(HZ)); - init_timer(&priv->poll_timer); - priv->poll_timer.function = ipoib_ib_tx_timer_func; - priv->poll_timer.data = (unsigned long)dev; - set_bit(IPOIB_FLAG_INITIALIZED, &priv->flags); return 0; @@ -906,6 +902,9 @@ int ipoib_ib_dev_init(struct net_device *dev, struct ib_device *ca, int port) return -ENODEV; } + setup_timer(&priv->poll_timer, ipoib_ib_tx_timer_func, + (unsigned long) dev); + if (dev->flags & IFF_UP) { if (ipoib_ib_dev_open(dev)) { ipoib_transport_dev_cleanup(dev);