> I've just had a look at the kernel code that implements all this
> (uverbs_cmd.c and uverbs_main.c). I haven't found any precautions
> against ib_uverbs_comp_handler() accessing *uobj after
> ib_uverbs_destroy_cq() has invoked put_uobj(uobj). Did I miss
> something?

The kernel operation is different, since it relies on callbacks.  When the 
kernel ib_destroy_cq() returns, we are guaranteed that the completion handler 
(ib_uverbs_comp_handler) is not executing and will not be called.  After 
destroying the kernel cq, ib_uverbs_destroy_cq() will remove all references to 
the destroyed cq from the event list.

The issue is that another thread could have retrieved an event for this cq 
before the cleanup occurs.  When ib_uverbs_destroy_cq unwinds back to user 
space, it returns the total number of events that were retrieved from the 
kernel.  ibv_destroy_cq blocks until the application has processed all cq 
events, which are indicated by the app calling ibv_ack_cq_events().

- Sean
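
The handshake described in the reply above, as an added example that is not part of the original message and is not libibverbs code: a small pthread model in which destroy blocks until the acknowledged event count equals the count the kernel reported. All `model_*` names, the struct layout and the `destroying` flag (used only to force the racy ordering) are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdint.h>
/* Illustrative model only: these names are not libibverbs identifiers. */
struct model_cq {
    pthread_mutex_t lock; pthread_cond_t cond;
    unsigned acked;        /* events the application has acknowledged */
    int destroying, freed; /* destroy has started / CQ memory released */
};

/* Role of ibv_ack_cq_events(); returns 1 if the CQ was already freed. */
static int model_ack_events(struct model_cq *cq, unsigned n) {
    pthread_mutex_lock(&cq->lock);
    int was_freed = cq->freed;
    cq->acked += n;
    pthread_cond_broadcast(&cq->cond);
    pthread_mutex_unlock(&cq->lock);
    return was_freed;
}

/* Role of ibv_destroy_cq(); `reported` is the count the kernel returned. */
static void model_destroy_cq(struct model_cq *cq, unsigned reported) {
    pthread_mutex_lock(&cq->lock);
    cq->destroying = 1;
    pthread_cond_broadcast(&cq->cond);
    while (cq->acked != reported)   /* block until every event is acked */
        pthread_cond_wait(&cq->cond, &cq->lock);
    cq->freed = 1;                  /* only now may the CQ be released */
    pthread_mutex_unlock(&cq->lock);
}

/* Thread that retrieved one event earlier and acks it after destroy began. */
static void *event_thread(void *arg) {
    struct model_cq *cq = arg;
    pthread_mutex_lock(&cq->lock);
    while (!cq->destroying)
        pthread_cond_wait(&cq->cond, &cq->lock);
    pthread_mutex_unlock(&cq->lock);
    return (void *)(intptr_t)model_ack_events(cq, 1);
}

/* Returns 0 when the late ack never observed a freed CQ. */
int run_model(void) {
    struct model_cq cq = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, 0, 0, 0 };
    pthread_t t; void *r;
    if (pthread_create(&t, NULL, event_thread, &cq)) return -1;
    model_destroy_cq(&cq, 1);       /* kernel reported one delivered event */
    pthread_join(t, &r);
    return (int)(intptr_t)r;
}
```

An application that never acknowledges a retrieved event leaves the destroy call blocked forever, which is the cost of closing the use-after-free window this way.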