[ofa-general] [PATCH] opensm/osm_subnet: fix crash in qos string config parameters reloading

Mon Feb 23 09:03:42 PST 2009

This fixes double free() crash in qos string config parameters
reloading. Assuming that qos parameters can be specified using config
file only we will always keep this in sync with options copy loaded from
file.

Signed-off-by: Sasha Khapyorsky <sashak at voltaire.com>
---

On 09:40 Mon 23 Feb     , Eli Dorfman (Voltaire) wrote:
> Command Line Arguments:
>  Log File: /var/log/opensm.log
> -------------------------------------------------
> OpenSM 3.3.0_c4d9bcf

[snip...]

> Using default GUID 0x2c9020022f019
>  Loading Cached Option:qos_vlarb_high = 0:4,1:0,2:0,3:0,4:0,5:0,6:0,7:0,8:0,9:0,10:0,11:0,12:0,13:0,14:0
> *** glibc detected *** ./sbin/opensm: double free or corruption (!prev): 0x000000001bd932b0 ***

This happens because qos string parameter is freed separately in
subn_init_qos_options() and its mirror pointer in file config copy still
refer already not allocated memory. Thanks for finding this. The patch
should fix the issue.

Sasha

 opensm/opensm/osm_subnet.c |   29 ++++++++++++++++++-----------
 1 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/opensm/opensm/osm_subnet.c b/opensm/opensm/osm_subnet.c
index 01478be..b3100a4 100644
--- a/opensm/opensm/osm_subnet.c
+++ b/opensm/opensm/osm_subnet.c
@@ -640,7 +640,7 @@ static void subn_set_default_qos_options(IN osm_qos_options_t * opt)
 	opt->sl2vl = OSM_DEFAULT_QOS_SL2VL;
 }
 
-static void subn_init_qos_options(IN osm_qos_options_t * opt)
+static void subn_init_qos_options(osm_qos_options_t *opt, osm_qos_options_t *f)
 {
 	opt->max_vls = 0;
 	opt->high_limit = -1;
@@ -653,6 +653,8 @@ static void subn_init_qos_options(IN osm_qos_options_t * opt)
 	if (opt->sl2vl)
 		free(opt->sl2vl);
 	opt->sl2vl = NULL;
+	if (f)
+		memcpy(f, opt, sizeof(*f));
 }
 
 /**********************************************************************
@@ -743,11 +745,11 @@ void osm_subn_set_default_opt(IN osm_subn_opt_t * const p_opt)
 	p_opt->no_clients_rereg = FALSE;
 	p_opt->prefix_routes_file = strdup(OSM_DEFAULT_PREFIX_ROUTES_FILE);
 	p_opt->consolidate_ipv6_snm_req = FALSE;
-	subn_init_qos_options(&p_opt->qos_options);
-	subn_init_qos_options(&p_opt->qos_ca_options);
-	subn_init_qos_options(&p_opt->qos_sw0_options);
-	subn_init_qos_options(&p_opt->qos_swe_options);
-	subn_init_qos_options(&p_opt->qos_rtr_options);
+	subn_init_qos_options(&p_opt->qos_options, NULL);
+	subn_init_qos_options(&p_opt->qos_ca_options, NULL);
+	subn_init_qos_options(&p_opt->qos_sw0_options, NULL);
+	subn_init_qos_options(&p_opt->qos_swe_options, NULL);
+	subn_init_qos_options(&p_opt->qos_rtr_options, NULL);
 }
 
 /**********************************************************************
@@ -1192,11 +1194,16 @@ int osm_subn_rescan_conf_files(IN osm_subn_t * const p_subn)
 		return -1;
 	}
 
-	subn_init_qos_options(&p_opts->qos_options);
-	subn_init_qos_options(&p_opts->qos_ca_options);
-	subn_init_qos_options(&p_opts->qos_sw0_options);
-	subn_init_qos_options(&p_opts->qos_swe_options);
-	subn_init_qos_options(&p_opts->qos_rtr_options);
+	subn_init_qos_options(&p_opts->qos_options,
+			      &p_opts->file_opts->qos_options);
+	subn_init_qos_options(&p_opts->qos_ca_options,
+			      &p_opts->file_opts->qos_ca_options);
+	subn_init_qos_options(&p_opts->qos_sw0_options,
+			      &p_opts->file_opts->qos_sw0_options);
+	subn_init_qos_options(&p_opts->qos_swe_options,
+			      &p_opts->file_opts->qos_swe_options);
+	subn_init_qos_options(&p_opts->qos_rtr_options,
+			      &p_opts->file_opts->qos_rtr_options);
 
 	while (fgets(line, 1023, opts_file) != NULL) {
 		/* get the first token */
-- 
1.6.1.2.319.gbd9e


