[ofa-general] [PATCH] opensm/osm_mesh: Fix use after free problem in osm_mesh_node_delete

Hal Rosenstock hnrose at comcast.net
Fri Jul 24 16:03:03 PDT 2009


When osm_mesh_node_delete is called, osm_switch_delete may already have
been called so sw->p_sw is no longer valid to be used although it was
being used to obtain num_ports.

Fix this by saving num_ports in the mesh node structure on create and
using it on delete.

Signed-off-by: Hal Rosenstock <hal.rosenstock at gmail.com>
---
diff --git a/opensm/include/opensm/osm_mesh.h b/opensm/include/opensm/osm_mesh.h
index 173fa86..3dfb047 100644
--- a/opensm/include/opensm/osm_mesh.h
+++ b/opensm/include/opensm/osm_mesh.h
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2088      System Fabric Works, Inc.
+ * Copyright (c) 2009      HNR Consulting. All rights reserved.
  *
  * This software is available to you under a choice of one of two
  * licenses.  You may choose to be licensed under the terms of the GNU
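Review bot: the unchanged context line directly above the added copyright reads `Copyright (c) 2088`, which looks like a typo for 2008 (the matching header in osm_mesh.c in this same patch says `2008,2009`). Since the header is already being touched, it could be corrected here or in a separate cleanup patch.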
@@ -65,6 +66,7 @@ typedef struct _mesh_node {
 	int dimension;			/* apparent dimension of mesh around node */
 	int temp;			/* temporary holder for distance info */
 	int type;			/* index of node type in mesh_info array */
+	unsigned num_ports;
 	unsigned int num_links;		/* number of 'links' to adjacent switches */
 	link_t *links[0];		/* per link information */
 } mesh_node_t;
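Review bot: the new `unsigned num_ports;` member is the only field in the visible part of `mesh_node_t` without a trailing comment, and it uses bare `unsigned` where the next line uses `unsigned int`. Suggest `unsigned int num_ports;` with a comment saying it is a copy of the switch's port count saved at create time, so a later reader understands that the duplication of `sw->p_sw->num_ports` is deliberate and exists so that delete does not touch `p_sw`.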
diff --git a/opensm/opensm/osm_mesh.c b/opensm/opensm/osm_mesh.c
index 23fad87..f78d834 100644
--- a/opensm/opensm/osm_mesh.c
+++ b/opensm/opensm/osm_mesh.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2008,2009      System Fabric Works, Inc. All rights reserved.
+ * Copyright (c) 2009           HNR Consulting. All rights reserved.
  *
  * This software is available to you under a choice of one of two
  * licenses.  You may choose to be licensed under the terms of the GNU
@@ -1323,7 +1324,7 @@ void osm_mesh_node_delete(lash_t *p_lash, switch_t *sw)
 	osm_log_t *p_log = &p_lash->p_osm->log;
 	int i;
 	mesh_node_t *node = sw->node;
-	unsigned num_ports = sw->p_sw->num_ports;
+	unsigned num_ports = node->num_ports;
 
 	OSM_LOG_ENTER(p_log);
 
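Review bot: `node->num_ports` is read in the declaration initializer, before anything in the visible lines checks that `sw->node` is non-NULL. The old initializer dereferenced only `sw->p_sw`, so if the body below `OSM_LOG_ENTER` (not shown in this hunk) guards on `node`, this change trades the use after free for a possible NULL dereference when delete runs on a switch whose mesh node was never created. Suggest declaring `unsigned num_ports;` without an initializer and assigning it inside the guarded path, or stating in the commit message that callers never reach this function with a NULL `node`.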
@@ -1383,6 +1384,8 @@ int osm_mesh_node_create(lash_t *p_lash, switch_t *sw)
 		node->links[i]->switch_id = NONE;
 	}
 
+	node->num_ports = num_ports;
+
 	OSM_LOG_EXIT(p_log);
 	return 0;
 
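Review bot: `node->num_ports = num_ports;` is stored only at the very end of the success path, after the link setup loop and just before `OSM_LOG_EXIT`. If any earlier failure path in osm_mesh_node_create cleans up through osm_mesh_node_delete, that function now reads `node->num_ports` before it has been stored and would work from an unset value. Suggest moving the assignment to immediately after `node` is allocated, so the field is valid for the node's whole lifetime.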


