<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3243" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT size=2><FONT size=1>
<P><FONT face=Arial><FONT size=2>[MLX4] fixed application crash in case of IOCTL
failure.<SPAN class=978441918-23112008> [mlnx:3498]</SPAN></FONT></FONT></P>
<P><FONT face=Arial size=2>The crash<SPAN class=978441918-23112008> is
caus</SPAN>ed by double cleaning of vendor objects: once upon handling IOCTL
error in post function, second time - when IBAL calls destroy function for
cleanup.</FONT></P></FONT></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Index:
core/al/user/ual_cq.c<BR>===================================================================<BR>---
core/al/user/ual_cq.c (revision 1765)<BR>+++
core/al/user/ual_cq.c (working copy)<BR>@@ -162,19 +162,6
@@<BR> h_cq->h_rearm_n_cq =
h_cq;<BR> }<BR> <BR>- if( status != IB_SUCCESS
)<BR>- {<BR>- CL_ASSERT( !h_cq->h_ci_cq
);<BR>- /*<BR>- * If we failed to create the CQ in the
kernel, clear the h_ci_cq<BR>- * pointer to prevent trying to clean
it up later. This is needed<BR>- * to work-around the uVPD
incorrectly setting the handle in the<BR>- * post_create_cq call
even in the case of a failure.<BR>- */<BR>- /* TODO: Fix
the UVP. */<BR>- h_cq->h_ci_cq =
NULL;<BR>- }<BR>-<BR> AL_EXIT( AL_DBG_CQ
);<BR> return status;<BR> }<BR>Index:
hw/mlx4/user/hca/verbs.c<BR>===================================================================<BR>---
hw/mlx4/user/hca/verbs.c (revision 1765)<BR>+++
hw/mlx4/user/hca/verbs.c (working copy)<BR>@@ -96,6 +96,7
@@<BR> if (!mlx4_fill_context(context,
p_resp))<BR> {<BR> status =
IB_INSUFFICIENT_RESOURCES;<BR>+ *ph_uvp_ca =
NULL;<BR> goto
end;<BR> }<BR> }<BR>@@ -115,6 +116,7
@@<BR> CL_ASSERT(context);<BR> <BR> if (IB_SUCCESS ==
ioctl_status)<BR>+ <BR> mlx4_free_context(context);<BR> <BR> return
IB_SUCCESS;<BR>@@ -185,6 +187,7
@@<BR> else<BR> {<BR> cl_free(to_mpd(pd));<BR>+ *ph_uvp_pd
= NULL;<BR> }<BR> <BR> cl_free(p_resp);<BR>@@
-329,6 +332,7
@@<BR> else<BR> {<BR> mlx4_post_destroy_cq
(*ph_uvp_cq, IB_SUCCESS);<BR>+ *ph_uvp_cq =
NULL;<BR> }<BR> <BR> cl_free(p_resp);<BR>@@
-489,6 +493,7
@@<BR> else<BR> {<BR> mlx4_post_destroy_srq
(*ph_uvp_srq, IB_SUCCESS);<BR>+ *ph_uvp_srq =
NULL;<BR> }<BR> <BR> cl_free(p_resp);<BR>@@ -813,6
+818,7
@@<BR> else<BR> {<BR> mlx4_post_destroy_qp(*ph_uvp_qp,
IB_SUCCESS);<BR>+ *ph_uvp_qp =
NULL;<BR> }<BR> <BR> cl_free(p_resp);<BR>@@ -1361,6
+1367,7
@@<BR> else<BR> {<BR> mlx4_post_destroy_srq
(*ph_uvp_srq, IB_SUCCESS);<BR>+ *ph_uvp_srq =
NULL;<BR> }<BR> <BR> cl_free( p_resp );<BR>@@ -1442,6
+1449,7
@@<BR> else<BR> {<BR> cl_free(to_mxrcd(xrcd));<BR>+ *ph_uvp_xrcd
=
NULL;<BR> }<BR> <BR> cl_free(p_resp);<BR>Index:
hw/mthca/user/mlnx_ual_cq.c<BR>===================================================================<BR>---
hw/mthca/user/mlnx_ual_cq.c (revision 1765)<BR>+++
hw/mthca/user/mlnx_ual_cq.c (working copy)<BR>@@ -57,8 +57,6
@@<BR> struct ibv_create_cq *p_create_cq;<BR> int
err;<BR> <BR>- UNREFERENCED_PARAMETER(ph_uvp_cq);<BR>-<BR> UVP_ENTER(UVP_DBG_CQ);<BR> <BR> CL_ASSERT(p_umv_buf);<BR>@@
-83,6 +81,7 @@<BR> goto
err_alloc_cq;<BR> }<BR> <BR>+ *ph_uvp_cq =
(ib_cq_handle_t)(ULONG_PTR)p_create_cq->user_handle;<BR> goto
end;<BR> <BR> err_alloc_cq:<BR>@@ -128,11 +127,13
@@<BR> <BR> *ph_uvp_cq =
(ib_cq_handle_t)ibv_cq;<BR> }<BR>- goto end;<BR>+ else
{<BR>+ ibv_cq = (struct ibv_cq
*)*ph_uvp_cq;<BR>+ ibv_cq->context->ops.destroy_cq( ibv_cq
);<BR>+ *ph_uvp_cq =
NULL;<BR>+ }<BR> <BR>- p_hobul->ibv_ctx->ops.destroy_cq(ibv_cq);<BR> err_create_cq:<BR>-end: <BR> if
(p_resp)<BR> cl_free( p_resp
);<BR> UVP_EXIT(UVP_DBG_CQ);<BR></FONT></DIV></BODY></HTML>