[ofa-general] [PATCHv2] opensm/mesh/lash: Fix use after free problem in osm_mesh_node_delete
Sasha Khapyorsky
sashak at voltaire.com
Sun Aug 2 03:09:40 PDT 2009
Hi Hal,
On 09:51 Fri 31 Jul , Hal Rosenstock wrote:
>
> When osm_mesh_node_delete is called, osm_switch_delete may already have
> been called so sw->p_sw is no longer valid to be used although it was
> being used to obtain num_ports.
>
> Fix this by performing osm_mesh_delete_switches at the end of lash_process.
>
> Signed-off-by: Hal Rosenstock <hal.rosenstock at gmail.com>
> ---
> Changes since v1:
> Rather than saving num_ports in the mesh node structure on creation and using
> this on deletion, mesh switches deletion should occur at end of the lash
> calculation as none of this state is needed after that
> Approach proposed by Sasha
>
> diff --git a/opensm/include/opensm/osm_mesh.h b/opensm/include/opensm/osm_mesh.h
> index 173fa86..89c07e5 100644
> --- a/opensm/include/opensm/osm_mesh.h
> +++ b/opensm/include/opensm/osm_mesh.h
> @@ -1,5 +1,6 @@
> /*
> * Copyright (c) 2088 System Fabric Works, Inc.
> + * Copyright (c) 2009 HNR Consulting. All rights reserved.
> *
> * This software is available to you under a choice of one of two
> * licenses. You may choose to be licensed under the terms of the GNU
> @@ -70,6 +71,7 @@ typedef struct _mesh_node {
> } mesh_node_t;
>
> void osm_mesh_node_delete(struct _lash *p_lash, struct _switch *sw);
> +void osm_mesh_delete_switches(struct _lash *p_lash);
> int osm_mesh_node_create(struct _lash *p_lash, struct _switch *sw);
> int osm_do_mesh_analysis(struct _lash *p_lash);
>
> diff --git a/opensm/opensm/osm_mesh.c b/opensm/opensm/osm_mesh.c
> index 23fad87..b22fe6e 100644
> --- a/opensm/opensm/osm_mesh.c
> +++ b/opensm/opensm/osm_mesh.c
> @@ -1,5 +1,6 @@
> /*
> * Copyright (c) 2008,2009 System Fabric Works, Inc. All rights reserved.
> + * Copyright (c) 2009 HNR Consulting. All rights reserved.
> *
> * This software is available to you under a choice of one of two
> * licenses. You may choose to be licensed under the terms of the GNU
> @@ -1358,6 +1359,20 @@ void osm_mesh_node_delete(lash_t *p_lash, switch_t *sw)
> }
>
> /*
> + * osm_mesh_delete_switches - cleanup switches resources
> + */
> +void osm_mesh_delete_switches(lash_t *p_lash)
> +{
> + if (p_lash->switches) {
> + unsigned id;
> + for (id = 0; ((int)id) < p_lash->num_switches; id++)
> + if (p_lash->switches[id])
> + osm_mesh_node_delete(p_lash,
> + p_lash->switches[id]);
> + }
> +}
Why should it be in osm_mesh.c? osm_mesh_node_create() and
osm_mesh_node_delete() are called in osm_ucast_lash.c now.
For me it looks that more appropriate place for such cleanup is
lash_free_structures() func in osm_ucast_lash.c.
Sasha
More information about the general
mailing list