[ofa-general] [PATCHv2] opensm/mesh/lash: Fix use after free problem in osm_mesh_node_delete
Hal Rosenstock
hal.rosenstock at gmail.com
Sun Aug 2 03:50:56 PDT 2009
Hi Sasha,
On Sun, Aug 2, 2009 at 6:09 AM, Sasha Khapyorsky <sashak at voltaire.com>wrote:
> Hi Hal,
>
> On 09:51 Fri 31 Jul , Hal Rosenstock wrote:
> >
> > When osm_mesh_node_delete is called, osm_switch_delete may already have
> > been called so sw->p_sw is no longer valid to be used although it was
> > being used to obtain num_ports.
> >
> > Fix this by performing osm_mesh_delete_switches at the end of
> lash_process.
> >
> > Signed-off-by: Hal Rosenstock <hal.rosenstock at gmail.com>
> > ---
> > Changes since v1:
> > Rather than saving num_ports in the mesh node structure on creation and
> using
> > this on deletion, mesh switches deletion should occur at end of the lash
> > calculation as none of this state is needed after that
> > Approach proposed by Sasha
> >
> > diff --git a/opensm/include/opensm/osm_mesh.h
> b/opensm/include/opensm/osm_mesh.h
> > index 173fa86..89c07e5 100644
> > --- a/opensm/include/opensm/osm_mesh.h
> > +++ b/opensm/include/opensm/osm_mesh.h
> > @@ -1,5 +1,6 @@
> > /*
> > * Copyright (c) 2088 System Fabric Works, Inc.
> > + * Copyright (c) 2009 HNR Consulting. All rights reserved.
> > *
> > * This software is available to you under a choice of one of two
> > * licenses. You may choose to be licensed under the terms of the GNU
> > @@ -70,6 +71,7 @@ typedef struct _mesh_node {
> > } mesh_node_t;
> >
> > void osm_mesh_node_delete(struct _lash *p_lash, struct _switch *sw);
> > +void osm_mesh_delete_switches(struct _lash *p_lash);
> > int osm_mesh_node_create(struct _lash *p_lash, struct _switch *sw);
> > int osm_do_mesh_analysis(struct _lash *p_lash);
> >
> > diff --git a/opensm/opensm/osm_mesh.c b/opensm/opensm/osm_mesh.c
> > index 23fad87..b22fe6e 100644
> > --- a/opensm/opensm/osm_mesh.c
> > +++ b/opensm/opensm/osm_mesh.c
> > @@ -1,5 +1,6 @@
> > /*
> > * Copyright (c) 2008,2009 System Fabric Works, Inc. All rights
> reserved.
> > + * Copyright (c) 2009 HNR Consulting. All rights reserved.
> > *
> > * This software is available to you under a choice of one of two
> > * licenses. You may choose to be licensed under the terms of the GNU
> > @@ -1358,6 +1359,20 @@ void osm_mesh_node_delete(lash_t *p_lash, switch_t
> *sw)
> > }
> >
> > /*
> > + * osm_mesh_delete_switches - cleanup switches resources
> > + */
> > +void osm_mesh_delete_switches(lash_t *p_lash)
> > +{
> > + if (p_lash->switches) {
> > + unsigned id;
> > + for (id = 0; ((int)id) < p_lash->num_switches; id++)
> > + if (p_lash->switches[id])
> > + osm_mesh_node_delete(p_lash,
> > + p_lash->switches[id]);
> > + }
> > +}
>
> Why should it be in osm_mesh.c? osm_mesh_node_create() and
> osm_mesh_node_delete() are called in osm_ucast_lash.c now.
>
> For me it looks that more appropriate place for such cleanup is
> lash_free_structures() func in osm_ucast_lash.c.
Not quite as it cannot be cleaned up until after discover_network_properties
is called and succeeds.
-- Hal
>
>
> Sasha
> _______________________________________________
> general mailing list
> general at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general
>
> To unsubscribe, please visit
> http://openib.org/mailman/listinfo/openib-general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/general/attachments/20090802/f61c3e60/attachment.html>
More information about the general
mailing list