[openib-general] Re: cm crash
Michael S. Tsirkin
mst at mellanox.co.il
Mon May 8 01:45:06 PDT 2006
Quoting r. Sean Hefty <sean.hefty at intel.com>:
> This is a user issue where they try to destroy the cm_id twice. A user cannot
> call ib_destroy_cm_id() and return non-zero from a callback on that same ID.
>
> We cannot fix this in the CM. If the thread calling ib_destroy_cm_id() is
> delayed, then the callback handler will return, and cleanup will occur. The
> thread calling ib_destroy_cm_id() will then reference invalid memory.
Hmm. Let's look at CMA - I'm a little more familiar with it.
There is a case of RDMA_CM_EVENT_CONNECT_REQUEST, where a new
cma_id was created for me by cm. In this case I don't track the id so
won't be destroying the id.
So it seems I must do:
return event->event == RDMA_CM_EVENT_CONNECT_REQUEST ?
-EINVAL : 0;
Idea: could there be a special code (positive code?) that will have
meaning "I am destroying this id, don't proceed"?
This should destroy the id only if CMA created it as a result of
RDMA_CM_EVENT_CONNECT_REQUEST.
Does this make sense?
--
MST
More information about the general
mailing list