[openib-general] [PATCH] sdp_conn_put/sdp_conn_hold race

Michael S. Tsirkin mst at mellanox.co.il
Wed Jul 6 10:59:49 PDT 2005


The current sdp_conn_put/sdp_conn_hold implementation
seems to be subject to the following race condition:

- thread A calls sdp_conn_put, atomic dec and test returns 0
- thread B looks up the connection and calls sdp_conn_get,
  incrementing the reference count back to 1
- thread A now goes on to call sdp_conn_destroy, which will
  destroy the connection
- thread B is left with an invalid connection pointer 

As a solution
- sdp_conn_put is moved out of line. Checking connection
  reference count is done under the connection table spinlock
  atomically, removing the connection from lookup table
  if the reference drops to 0.

- a new call sdp_conn_put_light is provided for when we
  know this isn't the last reference to the connection.
  This is useful not only for performance reasons, but 
  also for documentation/code clarity purposes: when
  sdp_conn_put_light is used, this isn't the last reference,
  when sdp_conn_put is used, this may be the last reference.
  
Patches follow.
Please comment. 

-- 
MST
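
The interleaving described in the message, and the locking discipline it proposes, as an added example that is not part of the original message or the SDP code. It is a user-space model using C11 atomics, with a spin flag standing in for the connection table spinlock; the table layout, the `window` callback that plays thread B, and `dangling_after_put` are assumptions made for illustration.

```c
/* Added user-space model; names and table layout are assumptions, not SDP code. */
#include <stdatomic.h>
#include <stddef.h>
#define SLOTS 8
struct conn { atomic_int refcnt; int id; int destroyed; };
static struct conn *table[SLOTS];                  /* connection lookup table */
static atomic_flag table_lock = ATOMIC_FLAG_INIT;  /* stands in for its spinlock */
static void lock(void)   { while (atomic_flag_test_and_set(&table_lock)) ; }
static void unlock(void) { atomic_flag_clear(&table_lock); }
/* Lookup takes its reference while holding the table lock. */
struct conn *conn_lookup(int id) {
    lock();
    struct conn *c = table[id % SLOTS];
    if (c) atomic_fetch_add(&c->refcnt, 1);
    unlock();
    return c;
}
/* Racy put: `window` models thread B running between the drop to 0 and the unlink. */
int conn_put_racy(struct conn *c, void (*window)(int)) {
    if (atomic_fetch_sub(&c->refcnt, 1) != 1) return 0;
    if (window) window(c->id);
    lock(); table[c->id % SLOTS] = NULL; unlock();
    c->destroyed = 1;                    /* stand-in for sdp_conn_destroy */
    return 1;
}
/* Fixed put: decrement, test and unlink form one critical section. */
int conn_put(struct conn *c) {
    lock();
    int last = atomic_fetch_sub(&c->refcnt, 1) == 1;
    if (last) table[c->id % SLOTS] = NULL;
    unlock();
    if (last) c->destroyed = 1;          /* no lookup can reach c any more */
    return last;
}
/* Caller holds another reference, so this can never be the final drop. */
void conn_put_light(struct conn *c) { atomic_fetch_sub(&c->refcnt, 1); }

static struct conn *b_ref;               /* what "thread B" got from lookup */
static void thread_b(int id) { b_ref = conn_lookup(id); }
/* Returns 1 if thread B ends up holding a destroyed connection. */
int dangling_after_put(int use_fix) {
    static struct conn c;
    atomic_store(&c.refcnt, 1); c.id = 3; c.destroyed = 0;
    table[c.id % SLOTS] = &c; b_ref = NULL;
    if (use_fix) { conn_put(&c); thread_b(c.id); }  /* B is excluded from the critical section */
    else conn_put_racy(&c, thread_b);
    return b_ref != NULL && b_ref->destroyed;
}
int main(void) { return !(dangling_after_put(0) == 1 && dangling_after_put(1) == 0); }
```

With the racy put, the lookup in the window succeeds and raises the count back to 1 just before the connection is destroyed; with the fixed put, a lookup can only see the connection before the decrement or not at all.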


