[ofa-general] Re: [PATCHv3] opensm/osm_lash: Fix use after free problem in osm_mesh_node_delete
Hal Rosenstock
hal.rosenstock at gmail.com
Sun Aug 2 04:17:21 PDT 2009
On Sun, Aug 2, 2009 at 7:16 AM, Sasha Khapyorsky <sashak at voltaire.com>wrote:
> On 06:53 Sun 02 Aug , Hal Rosenstock wrote:
> > diff --git a/opensm/opensm/osm_ucast_lash.c
> b/opensm/opensm/osm_ucast_lash.c
> > index 1c55a90..cf8e793 100644
> > --- a/opensm/opensm/osm_ucast_lash.c
> > +++ b/opensm/opensm/osm_ucast_lash.c
> > @@ -5,6 +5,7 @@
> > * Copyright (c) 2007 Simula Research Laboratory. All rights
> reserved.
> > * Copyright (c) 2007 Silicon Graphics Inc. All rights reserved.
> > * Copyright (c) 2008,2009 System Fabric Works, Inc. All rights
> reserved.
> > + * Copyright (c) 2009 HNR Consulting. All rights reserved.
> > *
> > * This software is available to you under a choice of one of two
> > * licenses. You may choose to be licensed under the terms of the GNU
> > @@ -659,6 +660,18 @@ static void switch_delete(lash_t *p_lash, switch_t *
> sw)
> > free(sw);
> > }
> >
> > +static void delete_switches(lash_t *p_lash)
>
> Would delete_mesh_switches() (or cleanup_mesh*()) be a better name? It
> doesn't delete lash's switches, only mesh nodes.
Sure.
>
>
> > +{
> > + if (p_lash->switches) {
> > + unsigned id;
> > + for (id = 0; ((int)id) < p_lash->num_switches; id++)
> > + if (p_lash->switches[id])
> > + osm_mesh_node_delete(p_lash,
> > + p_lash->switches[id]);
> > + }
> > +}
> > +
> > +
> > static void free_lash_structures(lash_t * p_lash)
> > {
> > unsigned int i, j, k;
> > @@ -1219,7 +1232,7 @@ static int lash_process(void *context)
> >
> > return_status = discover_network_properties(p_lash);
>
> discover_network_properties() can fail in a middle of allocations and
> full clean is desired anyway. It should be safe to 'goto Exit' below
> since mesh node deletion is protected against not yet initialized input.
It's not; I had tried doing that.
-- Hal
>
>
> Sasha
>
> > if (return_status != IB_SUCCESS)
> > - goto Exit;
> > + goto Exit2;
> >
> > return_status = init_lash_structures(p_lash);
> > if (return_status != IB_SUCCESS)
> > @@ -1234,6 +1247,9 @@ static int lash_process(void *context)
> > populate_fwd_tbls(p_lash);
> >
> > Exit:
> > + delete_switches(p_lash);
> > +
> > +Exit2:
> > if (p_lash->vl_min)
> > free_lash_structures(p_lash);
> > OSM_LOG_EXIT(p_log);
> >
> _______________________________________________
> general mailing list
> general at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general
>
> To unsubscribe, please visit
> http://openib.org/mailman/listinfo/openib-general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/general/attachments/20090802/d4d8139d/attachment.html>
More information about the general
mailing list