[openib-general] [PATCH] osm_mcast_mgr: using deleted handle caused segmentation fault

Ofer Gigi oferg at mellanox.co.il
Mon Mar 20 04:53:14 PST 2006


Hi Hal,

In osm_mcast_mgr.c the line 

osm_mgrp_send_delete_notice( p_mgr->p_subn, p_mgr->p_log, p_mgrp );

caused a segmentation fault since the handle p_mgrp was already deleted while the 
function was called.

The fix inserted the line above into the protected section.

The bug was found while running 
osmtest -f m -M 3
and running opensm compiled with "efence" - a memory allocation tool.

Thanks

Ofer G.

Signed-off-by:  Ofer Gigi <oferg at mellanox.co.il>

Index: osm_mcast_mgr.c
===================================================================
--- osm_mcast_mgr.c     (revision 5887)
+++ osm_mcast_mgr.c     (working copy)
@@ -1673,7 +1673,6 @@ osm_mcast_mgr_process_mgrp_cb(
         osm_mcast_mgr_process_mgrp( p_mgr, p_mgrp, req_type, port_guid );
       p_mgrp->last_tree_id = p_mgrp->last_change_id;
     }
-    CL_PLOCK_RELEASE( p_mgr->p_lock );
 
     /* Remove MGRP only if osm_mcm_port_t count is 0 and
      * Not a well known group
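
Review bot: With the CL_PLOCK_RELEASE after the osm_mcast_mgr_process_mgrp block removed, the lock acquired earlier in osm_mcast_mgr_process_mgrp_cb (the acquire is not visible in this hunk) becomes the only protection for the later cl_qmap_remove_item and osm_mgrp_destroy calls, which used to run under CL_PLOCK_EXCL_ACQUIRE. Please confirm that the earlier acquire is exclusive rather than shared; if it is shared, it has to be changed to exclusive for the table removal and destroy to stay safe.
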
@@ -1690,13 +1689,13 @@ osm_mcast_mgr_process_mgrp_cb(
          Trap 67 : MCGroup delete */
       osm_mgrp_send_delete_notice( p_mgr->p_subn, p_mgr->p_log, p_mgrp );
 
-      CL_PLOCK_EXCL_ACQUIRE( p_mgr->p_lock );
       cl_qmap_remove_item(&p_mgr->p_subn->mgrp_mlid_tbl,
                           (cl_map_item_t *)p_mgrp );
 
       osm_mgrp_destroy(p_mgrp);
-      CL_PLOCK_RELEASE( p_mgr->p_lock );
     }
+
+       CL_PLOCK_RELEASE( p_mgr->p_lock );
     /* no need for CL_PLOCK_RELEASE( p_mgr->p_lock ) - internally done */
     OSM_LOG_EXIT( p_mgr->p_log );
     return signal;
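
Review bot: The added CL_PLOCK_RELEASE( p_mgr->p_lock ) sits directly above the retained comment "no need for CL_PLOCK_RELEASE( p_mgr->p_lock ) - internally done", so code and comment now contradict each other; drop the comment, or, if a callee really does release the lock, this line is a double release. osm_mgrp_send_delete_notice is now called with p_lock held, so it is worth checking that it never acquires p_lock itself or blocks for long. The new line is also indented differently from the surrounding 4-space code.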




