[ofw] NULL pointer dereference in WSD provider
Tzachi Dar
tzachid at mellanox.co.il
Fri May 18 00:37:55 PDT 2007
Fixed on commit 666.
Thanks
Tzachi
________________________________
From: ofw-bounces at lists.openfabrics.org
[mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Fab Tillier
Sent: Wednesday, May 16, 2007 10:29 PM
To: ofw at lists.openfabrics.org
Subject: [ofw] NULL pointer dereference in WSD provider
Hi folks,
We have a customer that ran into an access violation when
testing over the OpenFabrics WSD provider. A quick investigation showed
that when a buffer is freed and the registration cache callback of the
WSD provider is invoked, the WSD provider deregisters the buffer. Any
references to that registration in any socket's memory node list is
cleared. This results in memory nodes (struct memory_node) having a NULL
p_reg member.
When posting sends or receives, the provider looks up the
appropriate registration (lookup_partial_mr, ibsp_mem.c, line 63). The
function __check_mr does not handle the case where p_reg is NULL, and
lookup_partial_mr doesn't check for NULL either, and this is why we hit
the NULL pointer dereference (in the __check_mr function).
Could this get fixed and a new build generated? Please let me
know when the build is ready so we can notify the customer and have them
repeat the test.
Thanks!
-Fab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/ofw/attachments/20070518/ae3c53d6/attachment.html>
More information about the ofw
mailing list