git.openfabrics.org - ~shefty/rdma-win.git/commit

winverbs: fix crash accessing freed memory from async thread

If an application exits while asynchronous accept processing is queued,
it's possible for the async processing to access the IbCmId after it has
been freed.  A similar problem to this was fixed that dealt with accessing
the verbs QP handle.

A simpler, more generic solution to this problem is to handle application
exit in the same manner as device removal, and lock the winverb provider
lookup lists with exclusive access.  Asynchronous operations that are in
process will run to completion, and future operations will be blocked until
the provider cleanup thread has completed.  Once they run, they will fail
to acquire a reference on the desired object, which should result in a
graceful failure.

This avoids more complicated locking to use handles belonging to the lower
level code.  If a reference on an object can be acquired, the handle will
be available for use until the reference is released.  To handle IB CM
callbacks, additional state checking is required to avoid processing
CM events when we're trying to destroy the endpoint.

Signed-off-by: Sean Hefty <sean.hefty@intel.com>
git-svn-id: svn://openib.tc.cornell.edu/gen1@2462 ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86

author	shefty <shefty@ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86>
	Wed, 23 Sep 2009 21:46:19 +0000 (21:46 +0000)
committer	shefty <shefty@ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86>
	Wed, 23 Sep 2009 21:46:19 +0000 (21:46 +0000)
commit	22bd13e13d11e20ba8f0d94a63e1b425da7ef7f0
tree	0cf8cbb740c4e2007245cb5d582f5fcc749c1fb3	tree \| snapshot
parent	bd9b6ef6d5a239072c72728c4d4d8d6b9aba5d4e	commit \| diff

trunk/core/winverbs/kernel/wv_ep.c		diff \| blob \| history
trunk/core/winverbs/kernel/wv_provider.c		diff \| blob \| history
trunk/core/winverbs/kernel/wv_qp.c		diff \| blob \| history