A double memory free is detected by glibc when iscsistart -b is run by
initrds to connect to an iSCSI target using iBFT info. Issue is easily
reproducible if chap authentication is used.

o...@localhost open-iscsi-2.0-870.3]# ./usr/iscsistart -b
iscsistart: transport class version 2.0-870. iscsid version 2.0-870
iscsistart: version 2.0-870
iscsistart: Logging into
iqn.1984-05.com.dell:powervault.6001c23000c3411900000000486b0769
172.16.64.96:3260,1
iscsistart: connection7:0 is operational now
*** glibc detected *** ./usr/iscsistart: double free or corruption
(!prev): 0x00000000127d6920 ***
======= Backtrace: =========
[0x43b106]
[0x43ec47]
[0x4181f5]
[0x41b2d7]
[0x421bad]
[0x421f80]
[0x4001b9]
======= Memory map: ========
00400000-004d0000 r-xp 00000000 fd:00 23101600
/root/open-iscsi-2.0-870.3/usr/iscsistart
006cf000-006d2000 rw-p 000cf000 fd:00 23101600
/root/open-iscsi-2.0-870.3/usr/iscsistart
006d2000-006d8000 rw-p 006d2000 00:00 0 
127c5000-1282a000 rw-p 127c5000 00:00 0
[heap]
2b9bb0000000-2b9bb0024000 rw-p 2b9bb0000000 00:00 0 
2b9bb0024000-2b9bb4000000 ---p 2b9bb0024000 00:00 0 
7ffffb37f000-7ffffb394000 rw-p 7ffffffea000 00:00 0
[stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0
[vdso]



The issue is caused because child is trying to free up the session and
connections that the parent had setup. Attached patch fixes the
issue(patch might word wrap inline).

Patch is built against version open-iscsi-2.0-870.3

Signed-off-by: Shyam Iyer <shyam_i...@dell.com>
Tested-by: Paniraja KM <paniraja...@dell.com>

--- usr/iscsistart.c.orig       2009-03-17 22:14:17.000000000 +0530
+++ usr/iscsistart.c    2009-03-17 22:18:47.000000000 +0530
@@ -341,6 +341,7 @@
                if (rc || rc2)
                        exit(-1);
 
+               free_initiator();
                log_debug(1, "iscsi parent done");
                exit(0);
        }
@@ -387,7 +388,6 @@
        event_loop(ipc, control_fd, mgmt_ipc_fd, -1);
        ipc->ctldev_close();
        mgmt_ipc_close(mgmt_ipc_fd);
-       free_initiator();
        sysfs_cleanup();
 
        log_debug(1, "iscsi child done");

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To post to this group, send email to open-iscsi@googlegroups.com
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/open-iscsi
-~----------~----~----~----~------~----~------~--~---

Attachment: corruption_patch
Description: corruption_patch

Reply via email to