Roland, I think I see a race in mthca: let's assume that
a QP is destroyed. We remove the qpn from qp_table.
Before we have the chance to cleanup the CQ, another QP is created
and put in the same slot in table. If the user now polls the CQ he'll see a
completion for a wrong QP, since poll CQ does:
*cur_qp = mthca_array_get(&dev->qp_table.qp,
be32_to_cpu(cqe->my_qpn) &
(dev->limits.num_qps - 1));
Is this analysis right?
If yes, I think we can fix this by testing (*cur_qp)->qpn ==
be32_to_cpu(cqe->my_qpn), does this make sense?
Same for userspace I guess?
It seems a similiar issue exists for CQs, does it not?
And I think it can be solved in a similiar way, checking the CQN?
--
MST
_______________________________________________
openib-general mailing list
[email protected]
http://openib.org/mailman/listinfo/openib-general
To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
