[openib-general] probable reference count bug in core/mad.c
Sean Hefty
mshefty at ichips.intel.com
Tue Jan 10 12:40:54 PST 2006
Ralph Campbell wrote:
> I have been looking at the code for core/mad.c and in timeout_sends(),
> the mad_send_wr is removed from the list of pending sends and
> then retry_send() is called. In retry_send(), if the MAD is resent,
> mad_send_wr->refcount is incremented and the WR is put pack on
> the list of pending sends.
>
> This seems wrong to me. Either there should be no increment, or
> there should be a decrement when the WR is removed from the list.
> Also, I think there may be a dependency on whether
> mad_send_wr->timeout is zero or not.
The increment is done because the MAD has been reposted to the QP and will be
referenced by a CQ entry. The decrement happens once the completion occurs.
This should be correct.
- Sean
More information about the general
mailing list