[ofw] [ofw'[Patch][umad] Avoid dangling reference

Alex Naslednikov xalex at mellanox.co.il
Sun Mar 27 05:48:02 PDT 2011 

Mad can be deleted during failed send.
Thus, the old code may access already de-allocated pointer.
Signed-off by: Alexander Naslednikov (xalex at mellanox.co.il)

Index: umad.cpp
===================================================================
--- umad.cpp      (revision 7570)
+++ umad.cpp   (revision 7571)
@@ -613,11 +613,11 @@

                umad_convert_addr(&mad->addr, &((WM_MAD *) mad)->Address);
                hr = ports[portid].prov->Send((WM_MAD *) mad, NULL);
-              umad_convert_av(&((WM_MAD *) mad)->Address, &mad->addr);
                if (FAILED(hr)) {
                                _set_errno(EIO);
                                return GetLastError();
                }
+             umad_convert_av(&((WM_MAD *) mad)->Address, &mad->addr);

                return 0;
 }

From: Alex Naslednikov
Sent: Tuesday, March 22, 2011 3:29 PM
To: ofw at lists.openfabrics.org
Subject: [ofw'[Patch][opensm] Avoid dangling reference

Do not use mad wrapper pointer after deleting it.
The old code tried to access already de-allocated pointer, which caused to dangling reference
Signed-off by: Alexander Naslednikov (xalex at mellanox.co.il)
Index: B:/users/xalex/MLNX_VPI_trunk/ulp/opensm/user/opensm/osm_vl15intf.c
===================================================================
--- B:/users/xalex/MLNX_VPI_trunk/ulp/opensm/user/opensm/osm_vl15intf.c              (revision 7562)
+++ B:/users/xalex/MLNX_VPI_trunk/ulp/opensm/user/opensm/osm_vl15intf.c           (revision 7563)
@@ -63,7 +63,8 @@
                   since we can have no confirmation that they arrived
                   at their destination.
                 */
-              if (p_madw->resp_expected == TRUE)
+             boolean_t resp_expected = p_madw->resp_expected;
+             if (resp_expected == TRUE)
                                /*
                                   Note that other threads may not see the response MAD
                                   arrive before send() even returns.
@@ -103,7 +104,7 @@
                   qp0_mads_outstanding will be decremented by send error callback
                   (called by osm_vendor_send() */
                cl_atomic_dec(&p_vl->p_stats->qp0_mads_sent);
-              if (!p_madw->resp_expected)
+             if (!resp_expected)
                                cl_atomic_dec(&p_vl->p_stats->qp0_unicasts_sent);
 }


Alexander (XaleX) Naslednikov
SW Networking Team
Mellanox Technologies

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/ofw/attachments/20110327/937bc21e/attachment.html>

More information about the ofw mailing list