[openib-general] [PATCH] sdp_conn_put/sdp_conn_hold race
Michael S. Tsirkin
mst at mellanox.co.il
Wed Jul 6 10:59:49 PDT 2005

The current sdp_conn_put/sdp_conn_hold implementation
seems to be subject to the following race condition:

- thread A calls sdp_conn_put, atomic dec and test returns 0
- thread B looks up the connection and calls sdp_conn_get,
  incrementing the reference count back to 1
- thread A now goes on to call sdp_conn_destroy, which will
  destroy the connection
- thread B is left with an invalid connection pointer

As a solution:

- sdp_conn_put is moved out of line. Checking connection
  reference count is done under the connection table spinlock
  atomically, removing the connection from lookup table
  if the reference drops to 0.
- a new call sdp_conn_put_light is provided for when we
  know this isn't the last reference to the connection.
  This is useful not only for performance reasons, but
  also for documentation/code clarity purposes: when
  sdp_conn_put_light is used, this isn't the last reference,
  when sdp_conn_put is used, this may be the last reference.

Patches follow.
Please comment.
--
MST
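
The locking scheme described in the message above, as an added userspace C model; it is not part of the original post or of the patches it announces. A pthread mutex stands in for the connection table spinlock, and every name (`conn_create`, `conn_lookup`, `conn_put`, `conn_put_light`, `table_lock`) is hypothetical.

```c
/* Userspace model (constructed, hypothetical names), not the SDP code. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

#define TABLE_SIZE 8
struct conn { atomic_int refcnt; int id; };
static struct conn *table[TABLE_SIZE];   /* lookup table, holds no reference */
static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER;
static int destroyed;                    /* connections destroyed so far */

/* Create with one reference owned by the caller; id is assumed unused. */
struct conn *conn_create(int id)
{
    struct conn *c;
    if (id < 0 || id >= TABLE_SIZE || !(c = calloc(1, sizeof(*c))))
        return NULL;
    atomic_init(&c->refcnt, 1);
    c->id = id;
    pthread_mutex_lock(&table_lock);
    table[id] = c;
    pthread_mutex_unlock(&table_lock);
    return c;
}

/* Lookup takes its reference while still holding the table lock. */
struct conn *conn_lookup(int id)
{
    struct conn *c = NULL;
    pthread_mutex_lock(&table_lock);
    if (id >= 0 && id < TABLE_SIZE && (c = table[id]))
        atomic_fetch_add(&c->refcnt, 1);
    pthread_mutex_unlock(&table_lock);
    return c;
}

/* Caller guarantees another reference exists: no lock, never frees. */
void conn_put_light(struct conn *c) { atomic_fetch_sub(&c->refcnt, 1); }

/* May drop the last reference: decrement, zero test and unlink all
 * happen under the lock, so a lookup cannot revive a dying object. */
int conn_put(struct conn *c)
{
    pthread_mutex_lock(&table_lock);
    int last = atomic_fetch_sub(&c->refcnt, 1) == 1;
    if (last) { table[c->id] = NULL; destroyed++; }
    pthread_mutex_unlock(&table_lock);
    if (last) free(c);   /* unreachable through the table by now */
    return last;         /* 1 if this call destroyed the connection */
}
```

Because the lookup and the final put serialize on the same lock, a lookup either runs first and keeps the count above zero, or runs second and finds the slot already cleared.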