[openib-general] Re: [OOPS] user-mode verbs
Roland Dreier
roland at topspin.com
Wed May 4 20:44:50 PDT 2005
Thanks for the stress testing, it's definitely very useful. I think I
now understand what's causing the issue you're seeing -- I wrote some
pretty dumb code. For example, ib_uverbs_destroy_qp() does:

    ret = ib_destroy_qp(qp);

and then a few lines later:

    list_del(&qp->uobject->list);

Of course "qp" has already been freed so if we're unlucky the contents
may have already changed by the time we get to read the qp->uobject
value.

It turns out I made this mistake a bunch of places in uverbs_cmd.c, so
I won't have a fix until tomorrow. I think the other oops is probably
caused by:

    ret = ib_dereg_mr(mr);
    /* la la la ... */
    memobj = container_of(mr->uobject, struct ib_umem_object, uobject);
    ib_umem_release(file->device->ib_dev, &memobj->umem);

I promise to start testing with CONFIG_DEBUG_SLAB=y.

- R.
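
The ordering problem described in the message above, as an added userspace example that is not part of the original post or of uverbs_cmd.c. The struct layouts, toy_destroy_qp(), list_unlink() and the reordered variant are assumptions made for illustration (not the fix that was later committed), and the 0x6b fill stands in for the poisoning that slab debugging applies to freed objects.

```c
#include <stdio.h>
#include <string.h>
#define POISON_FREE 0x6b /* byte slab debugging writes over freed objects */
struct uobject { struct uobject *prev, *next; };    /* minimal list node */
struct qp { struct uobject *uobject; int qp_num; }; /* assumed layout */
/* Stand-in for ib_destroy_qp(): "frees" qp by poisoning it. The storage
 * stays valid on purpose so the stale read below is defined behaviour. */
static int toy_destroy_qp(struct qp *qp) { memset(qp, POISON_FREE, sizeof *qp); return 0; }
static int is_poison(const void *p) {
    unsigned char pat[sizeof p];
    memset(pat, POISON_FREE, sizeof pat);
    return memcmp(&p, pat, sizeof p) == 0;
}
static void list_unlink(struct uobject *u) { u->prev->next = u->next; u->next->prev = u->prev; }

/* Order quoted in the mail: destroy first, then read qp->uobject. */
static int destroy_qp_stale(struct qp *qp) {
    int ret = toy_destroy_qp(qp);
    struct uobject *uobj = qp->uobject; /* read from the freed object */
    if (ret) return ret;
    if (is_poison(uobj)) return -2;     /* list_del() on this would fault */
    list_unlink(uobj);
    return 0;
}

/* Reordered: copy what is still needed out of qp before destroying it. */
static int destroy_qp_saved(struct qp *qp) {
    struct uobject *uobj = qp->uobject;
    int ret = toy_destroy_qp(qp);
    if (ret) return ret;
    list_unlink(uobj);
    return 0;
}

/* Build a one-entry list, run one variant, report whether it was emptied. */
static int run(int (*destroy)(struct qp *), int *emptied) {
    struct uobject head, u = { &head, &head };
    struct qp qp = { &u, 7 };           /* constructed sample object */
    head.next = head.prev = &u;
    int ret = destroy(&qp);
    *emptied = (head.next == &head && head.prev == &head);
    return ret;
}

int main(void) {
    int e1, e2, r1 = run(destroy_qp_stale, &e1), r2 = run(destroy_qp_saved, &e2);
    printf("stale: ret=%d emptied=%d\nsaved: ret=%d emptied=%d\n", r1, e1, r2, e2);
    return 0;
}
```

With poisoning on, the stale read fails the same way every time instead of only when the freed memory happens to be reused.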