Stan, On Tue, Mar 22, 2011 at 12:03 PM, Smith, Stan <[email protected]> wrote: > Hello, > > Any idea as to how/why p_madw->resp_expected would change between saving > the value and later testing it?
The issue is that the p_madw is freed if response is not expected so it's not valid to check it later in that case. This is the incorporation of a patch accepted into OpenSM (Linux): osm_vl15intf.c: fixing use-after-free coredump author Yevgeny Kliteynik <[email protected]> Mon, 11 Oct 2010 11:04:22 +0000 (13:04 +0200) committer Sasha Khapyorsky <[email protected]> Mon, 25 Oct 2010 18:22:51 +0000 (20:22 +0200) commit c1c87305f8a089286ba65ea0aa0df60b47c88295 tree 2529b582b3c91ef2b4dcb15a9558baf00989cce1 tree | snapshot parent 3353f9b9db76bab15b13ba73f9d18cd53d8e432b osm_vl15intf.c: fixing use-after-free coredump p_madw is freed if responce is not expected. Signed-off-by: Yevgeny Kliteynik <[email protected]> Signed-off-by: Sasha Khapyorsky <[email protected]> -- Hal > > Stan. > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Alex Naslednikov > Sent: Tuesday, March 22, 2011 6:30 AM > > To: [email protected] > Subject: [ofw] [ofw'[Patch][opensm] Avoid dangling reference > > > > Do not use mad wrapper pointer after deleting it. > > The old code tried to access already de-allocated pointer, which caused to > dangling reference > > Signed-off by: Alexander Naslednikov (xalex at mellanox.co.il) > > Index: B:/users/xalex/MLNX_VPI_trunk/ulp/opensm/user/opensm/osm_vl15intf.c > > =================================================================== > > --- > B:/users/xalex/MLNX_VPI_trunk/ulp/opensm/user/opensm/osm_vl15intf.c > (revision 7562) > > +++ > B:/users/xalex/MLNX_VPI_trunk/ulp/opensm/user/opensm/osm_vl15intf.c > (revision 7563) > > @@ -63,7 +63,8 @@ > > since we can have no confirmation that they arrived > > at their destination. > > */ > > - if (p_madw->resp_expected == TRUE) > > + boolean_t resp_expected = p_madw->resp_expected; > > + if (resp_expected == TRUE) > > /* > > Note that other threads may not see the > response MAD > > arrive before send() even returns. > > @@ -103,7 +104,7 @@ > > qp0_mads_outstanding will be decremented by send error > callback > > (called by osm_vendor_send() */ > > cl_atomic_dec(&p_vl->p_stats->qp0_mads_sent); > > - if (!p_madw->resp_expected) > > + if (!resp_expected) > > > cl_atomic_dec(&p_vl->p_stats->qp0_unicasts_sent); > > } > > > > > > Alexander (XaleX) Naslednikov > > SW Networking Team > > Mellanox Technologies > > > > _______________________________________________ > ofw mailing list > [email protected] > http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw > _______________________________________________ ofw mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
