On Thu, 24 Sep 2020 12:06:37 +0530 Rohit Maheshwari wrote:
> +     if (chcr_setup_connection(sk, tx_info))
> +             goto put_module;
> +
> +     /* Wait for reply */
> +     wait_for_completion_timeout(&tx_info->completion, 30 * HZ);
> +     if (tx_info->open_pending)
> +             goto put_module;

How do you handle reply coming back after timeout?
Won't chcr_ktls_cpl_act_open_rpl() access tx_info after it has already
been freed?

> +     /* initialize tcb */
> +     reinit_completion(&tx_info->completion);
> +     tx_info->open_pending = true;
> +
> +     if (chcr_init_tcb_fields(tx_info))
> +             goto free_tid;
> +
> +     /* Wait for reply */
> +     wait_for_completion_timeout(&tx_info->completion, 30 * HZ);
> +     if (tx_info->open_pending)
> +             goto free_tid;
> +
> +     if (!cxgb4_check_l2t_valid(tx_info->l2te))
> +             goto close_tcb;
> +
> +     atomic64_inc(&adap->ch_ktls_stats.ktls_tx_ctx);
> +     tx_ctx->chcr_info = tx_info;
>  
> -     atomic64_inc(&adap->ch_ktls_stats.ktls_tx_connection_open);
>       return 0;
> -out2:
> +
> +close_tcb:
> +     chcr_ktls_mark_tcb_close(tx_info);
> +free_tid:
> +#if IS_ENABLED(CONFIG_IPV6)
> +     /* clear clip entry */
> +     if (tx_info->ip_family == AF_INET6)
> +             cxgb4_clip_release(netdev, (const u32 *)
> +                                &sk->sk_v6_rcv_saddr,
> +                                1);
> +#endif
> +     cxgb4_remove_tid(&tx_info->adap->tids, tx_info->tx_chan,
> +                      tx_info->tid, tx_info->ip_family);
> +
> +put_module:
> +     /* release module refcount */
> +     module_put(THIS_MODULE);
> +free_l2t:
> +     cxgb4_l2t_release(tx_info->l2te);
> +free_tx_info:
>       kvfree(tx_info);
>  out:
>       atomic64_inc(&adap->ch_ktls_stats.ktls_tx_connection_fail);
> -     return ret;
> +     return -1;
>  }
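Review bot: The shared error exit under `out:` now ends in `return -1;` where the old code had `return ret;`, so every failure in this function reaches the caller as the same value, which reads as -EPERM if the caller treats it as an errno. That includes the two `wait_for_completion_timeout()` expiries, which cannot then be told apart from a setup failure such as `chcr_setup_connection()` returning non-zero. I would keep `return ret;` and set the code at each failure site, for example `ret = -ETIMEDOUT;` before `goto put_module;` and before `goto free_tid;` on the two `open_pending` checks. The function starts outside the quoted hunk, so whether `ret` is still declared there, and how the caller uses the return value, needs to be confirmed.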
