[openib-general] [PATCHv2] osm: OSM crash TRIVIAL bug fix

Yevgeny Kliteynik kliteyn at mellanox.co.il
Thu Aug 17 06:28:49 PDT 2006 

Hi Hal.

> This line wrapped so there is something wrong with your mailer.

I'm using a different mailer now, so I hope that it's ok now.
  
> > +  m->v = NULL; /* just make sure we do not point tofree'd madw */
> 
> Also, is this line really needed (and if so why) ? I know you did say 
> "it cleans up old pointers to retrieved madw" but this shouldn't be 
> accessed, right ?

You're right, it shouldn't be accessed.
But generally, it's a good practice to assign a null to 
any pointer that points to a freed memory, and should not
be in use any more.

> Also, if this is added here, there are other places where the same
> thing should be done ?

I just examined this area of code, so this is what I saw.

-- 
  
Regards,
 
Yevgeny Kliteynik

Mellanox Technologies LTD
Tel: +972-4-909-7200 ext: 394
Fax: +972-4-959-3245
P.O. Box 586 Yokneam 20692 ISRAEL 

On Mon, 2006-08-14 at 16:05 +0300, Hal Rosenstock wrote:
> Hi Yevgeny,
> 
> On Mon, 2006-08-14 at 04:13, Yevgeny Kliteynik wrote: 
> > Hi Hal. 
> >  
> > This patch fixes an OSM crash when working with Cisco's stack. 
> > Cisco's doesn't follow the same TID convention when generating 
> > transaction id which in some bad flow revealed this bug in the 
> > get_madw lookup. 
> > The bug is in get_madw which does not cleanup old pointers to  
> > retrieved madw and also does not detect lookup of its reserved
> "free" 
> > entry of key==0.  
> >  
> > (This better text replaces my previous patch: 
> >  "OSM crash when working with Cisco's TopSpin stack") 
> >  
> > Yevgeny
> 
> Thanks. Good find.
> 
> > Signed-off-by:  Yevgeny Kliteynik < kliteyn at mellanox.co.il> 
> >  
> >  
> > Index: osm/libvendor/osm_vendor_ibumad.c 
> > =================================================================== 
> > --- osm/libvendor/osm_vendor_ibumad.c   (revision 8614) 
> > +++ osm/libvendor/osm_vendor_ibumad.c   (working copy) 
> > @@ -141,12 +141,20 @@ get_madw(osm_vendor_t *p_vend, ib_net64_ 
> >         ib_net64_t mtid = (*tid &
> cl_ntoh64(0x00000000ffffffffllu)); 
> >         osm_madw_t *res; 
> >  
> > +    /* 
> > +     * Since mtid == 0 is the empty key we should not 
> > +     * waste time looking for it 
> > +     */ 
> > +    if (mtid == 0) 
> > +       return 0; 
> > + 
> >         cl_spinlock_acquire( &p_vend->match_tbl_lock );  
> >         for (m = p_vend->mtbl.tbl, e = m + p_vend->mtbl.max; m < e; 
> > m++) { 
> >                 if (m->tid == mtid) { 
> >                         m->tid = 0; 
> >                         *tid = mtid; 
> >                         res = m->v; 
> > +                       m->v = NULL; /* just make sure we do not
> point 
> > to free'd madw */
> 
> This line wrapped so there is something wrong with your mailer.
> 
> Also, is this line really needed (and if so why) ? I know you did say 
> "it cleans up old pointers to retrieved madw" but this shouldn't be 
> accessed, right ? Also, if this is added here, there are other places 
> where the same thing should be done ?
> 
> >
> cl_spinlock_release( &p_vend->match_tbl_lock 
> > ); 
> >                         return res; 
> >                 } 
> > 
> 
> Applied to trunk and 1.1 with the exception noted above.
> 
> -- Hal
>

More information about the general mailing list