[openib-general] [PATCH] osm_mcast_mgr: using deleted handle caused segmentation fault
Ofer Gigi
oferg at mellanox.co.il
Mon Mar 20 04:53:14 PST 2006
Hi Hal,
In osm_mcast_mgr.c the line
osm_mgrp_send_delete_notice( p_mgr->p_subn, p_mgr->p_log, p_mgrp );
caused segmentation fault since the handle p_mgrp was already deleted while the
function was called.
The fix inserted the line above into the protected section.
The bug was found while running
osmtest -f m -M 3
and running opensm compiled with "efence" - memory allocation tool.
Thanks
Ofer G.
Signed-off-by: Ofer Gigi <oferg at mellanox.co.il>
Index: osm_mcast_mgr.c
===================================================================
--- osm_mcast_mgr.c (revision 5887)
+++ osm_mcast_mgr.c (working copy)
@@ -1673,7 +1673,6 @@ osm_mcast_mgr_process_mgrp_cb(
osm_mcast_mgr_process_mgrp( p_mgr, p_mgrp, req_type, port_guid );
p_mgrp->last_tree_id = p_mgrp->last_change_id;
}
- CL_PLOCK_RELEASE( p_mgr->p_lock );
/* Remove MGRP only if osm_mcm_port_t count is 0 and
* Not a well known group
@@ -1690,13 +1689,13 @@ osm_mcast_mgr_process_mgrp_cb(
Trap 67 : MCGroup delete */
osm_mgrp_send_delete_notice( p_mgr->p_subn, p_mgr->p_log, p_mgrp );
- CL_PLOCK_EXCL_ACQUIRE( p_mgr->p_lock );
cl_qmap_remove_item(&p_mgr->p_subn->mgrp_mlid_tbl,
(cl_map_item_t *)p_mgrp );
osm_mgrp_destroy(p_mgrp);
- CL_PLOCK_RELEASE( p_mgr->p_lock );
}
+
+ CL_PLOCK_RELEASE( p_mgr->p_lock );
/* no need for CL_PLOCK_RELEASE( p_mgr->p_lock ) - internally done */
OSM_LOG_EXIT( p_mgr->p_log );
return signal;
More information about the general
mailing list