[Openib-windows] [PATCH] access to freed object in ioc_pnp

[Fabian Tillier]

Hi Jan, Yossi,

On 8/3/06, Jan Bottorff <jbottorff at xsigo.com> wrote:
> Hi Guys,
>
> I submitted this bug, and attempted a fix almost exactly like this
> patch. It prevented the crash, but the result was the system got stuck
> on shutdown instead, waiting for references to some AL object to be
> freed.

The IOC PnP manager in IBAL is a global object (ioc_pnp_mgr_t), with a
child object per port called IOC PnP service (ioc_pnp_svc_t).  Each
service manages queries on its own port, and each such query takes a
reference on the service while the query is outstanding

The sweeps of the fabric by the services is initiated by a timer in
the manager.  When the timer expires, the manager's reference count is
incremented for each service on which a sweep is outstanding.  When
the sweep results from each agent are coallesced and processed, the
reference count is decremented.

For SA queries, the IOC PnP service object has a reference taken on it
until the query completes.

For DM queries, the IOC PnP service's DM MAD service will prevent
destruction while a query is outstanding.

> You might want to ponder if some more cleanup of data structures are
> needed.

The dereference of the manager object is missing.  That said, I am
going to take a little time to make sure there aren't some holes in
the synchronization beyond this.  Stay tuned for a patch.

- Fab