Fix synchronization issue where a destroyed CEP could successfully issue
authorftillier <ftillier@ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86>
Thu, 18 Aug 2005 18:38:23 +0000 (18:38 +0000)
committerftillier <ftillier@ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86>
Thu, 18 Aug 2005 18:38:23 +0000 (18:38 +0000)
a GET_EVENT IOCTL due to the CID being recycled too quickly.

git-svn-id: svn://openib.tc.cornell.edu/gen1/trunk@53 ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86

core/al/user/ual_cm_cep.c

index 505b320..5b28420 100644 (file)
@@ -370,20 +370,26 @@ al_destroy_cep(
                if( p_cep && p_cep->h_al == h_al )\r
                        cl_ptr_vector_set( &gp_cep_mgr->cep_vector, cid, NULL );\r
                else\r
-                       p_cep = NULL;\r
+                       goto invalid;\r
        }\r
        else\r
        {\r
-               p_cep = NULL;\r
-       }\r
-       cl_spinlock_release( &gp_cep_mgr->obj.lock );\r
-\r
-       if( !p_cep )\r
-       {\r
+invalid:\r
+               cl_spinlock_release( &gp_cep_mgr->obj.lock );\r
                AL_EXIT( AL_DBG_CM );\r
                return IB_INVALID_PARAMETER;\r
        }\r
 \r
+       /*\r
+        * Destroy the kernel CEP right away.  We must synchronize with issuing\r
+        * the next GET_EVENT IOCTL.\r
+        */\r
+       DeviceIoControl( g_al_device, UAL_DESTROY_CEP, &p_cep->cid,\r
+               sizeof(p_cep->cid), NULL, 0, &bytes_ret, NULL );\r
+       p_cep->cid = AL_INVALID_CID;\r
+\r
+       cl_spinlock_release( &gp_cep_mgr->obj.lock );\r
+\r
        p_cep->pfn_destroy_cb = pfn_destroy_cb;\r
 \r
        /*\r
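Review bot: The result of the added `DeviceIoControl( g_al_device, UAL_DESTROY_CEP, ... )` call is discarded and `p_cep->cid = AL_INVALID_CID;` runs unconditionally, so a failed destroy would leave the kernel CEP alive while user mode has already forgotten its CID. Checking the return value and at least tracing `GetLastError()` on failure would make such a leak visible. The IOCTL is now issued while `gp_cep_mgr->obj.lock` is held, which is the point of the fix, but the comment should say so explicitly, e.g. `/* Hold the CEP manager lock across the IOCTL so cm_cb cannot issue GET_EVENT on a recycled CID. */`. al_destroy_cep starts before and continues after this hunk.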
@@ -394,10 +400,6 @@ al_destroy_cep(
        cl_qlist_remove_item( &h_al->cep_list, &p_cep->al_item );\r
        cl_spinlock_release( &h_al->obj.lock );\r
 \r
-       /* Destroy the kernel CEP right away. */\r
-       DeviceIoControl( g_al_device, UAL_DESTROY_CEP, &p_cep->cid,\r
-               sizeof(p_cep->cid), NULL, 0, &bytes_ret, NULL );\r
-\r
        if( !cl_atomic_dec( &p_cep->ref_cnt ) )\r
        {\r
                /* We have no remaining refrences. */\r
@@ -1367,6 +1369,7 @@ cm_cb(
        IN                              LPOVERLAPPED                            p_ov )\r
 {\r
        ucep_t                  *p_cep;\r
+       BOOL                    ret;\r
 \r
        AL_ENTER( AL_DBG_CM );\r
 \r
@@ -1379,9 +1382,13 @@ cm_cb(
        {\r
                p_cep->pfn_cb( p_cep->h_al, p_cep->cid );\r
 \r
-               if( !DeviceIoControl( gp_cep_mgr->h_file, UAL_CEP_GET_EVENT,\r
+               /* Synchronize with destruction. */\r
+               cl_spinlock_acquire( &gp_cep_mgr->obj.lock );\r
+               ret = DeviceIoControl( gp_cep_mgr->h_file, UAL_CEP_GET_EVENT,\r
                        &p_cep->cid, sizeof(p_cep->cid), NULL, 0,\r
-                       NULL, &p_cep->ov ) && GetLastError() == ERROR_IO_PENDING )\r
+                       NULL, &p_cep->ov );\r
+               cl_spinlock_release( &gp_cep_mgr->obj.lock );\r
+               if( !ret && GetLastError() == ERROR_IO_PENDING )\r
                {\r
                        AL_EXIT( AL_DBG_CM );\r
                        return;\r
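Review bot: `GetLastError()` is now read after `cl_spinlock_release()`, so the value tested may no longer belong to the `DeviceIoControl` call if the release path touches the thread's last-error value (its implementation is not visible here). Capturing it while still under the lock is safer: declare a `DWORD err`, set `err = ret ? ERROR_SUCCESS : GetLastError();` before the release, then test `err == ERROR_IO_PENDING`. Separately, `p_cep->pfn_cb( p_cep->h_al, p_cep->cid )` above still reads `cid` without the lock, and the GET_EVENT call appears to rely on the kernel rejecting `AL_INVALID_CID` once the CEP is destroyed; a short comment stating that assumption would help the next reader. cm_cb starts before and continues after this hunk.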