[ofa-general] Re: [PATCH] opensm/osm_ucast_lash: fix use after free bug
Hal Rosenstock
hal.rosenstock at gmail.com
Fri Sep 25 16:11:31 PDT 2009
On 9/25/09, Sasha Khapyorsky <sashak at voltaire.com> wrote:
>
> When LASH runs its switch structures cleanup OpenSM can rediscover a
> subnet and 'p_sw' pointer may refer already freed memory, so don't touch
> it, just free our own stuff. (Note also that for valids OpenSM switches
> objects' 'priv' pointers are cleared on lash_cleanup()).
>
> Signed-off-by: Sasha Khapyorsky <sashak at voltaire.com>
Tested-by: Hal Rosenstock <hal.rosenstock at gmail.com>
> ---
> opensm/opensm/osm_ucast_lash.c | 5 +----
> 1 files changed, 1 insertions(+), 4 deletions(-)
>
> diff --git a/opensm/opensm/osm_ucast_lash.c b/opensm/opensm/osm_ucast_lash.c
> index dbc6bcc..3c424cb 100644
> --- a/opensm/opensm/osm_ucast_lash.c
> +++ b/opensm/opensm/osm_ucast_lash.c
> @@ -628,8 +628,7 @@ static switch_t *switch_create(lash_t * p_lash, unsigned
> id, osm_switch_t * p_sw
> }
>
> sw->p_sw = p_sw;
> - if (p_sw)
> - p_sw->priv = sw;
> + p_sw->priv = sw;
>
> if (osm_mesh_node_create(p_lash, sw)) {
> free(sw->dij_channels);
> @@ -644,8 +643,6 @@ static void switch_delete(lash_t *p_lash, switch_t * sw)
> {
> if (sw->dij_channels)
> free(sw->dij_channels);
> - if (sw->p_sw)
> - sw->p_sw->priv = NULL;
> free(sw);
> }
>
> --
> 1.6.5.rc1
>
>
More information about the general
mailing list