[PATCH 3/3] ibacm/ibacmp: fix a crash when SM restarts

public inbox for linux-rdma@vger.kernel.org
 help / color / mirror / Atom feed

From: kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org
To: sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org
Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Kaike Wan <kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Subject: [PATCH 3/3] ibacm/ibacmp: fix a crash when SM restarts
Date: Wed, 19 Nov 2014 09:46:47 -0500	[thread overview]
Message-ID: <1416408407-6774-4-git-send-email-kaike.wan@intel.com> (raw)
In-Reply-To: <1416408407-6774-1-git-send-email-kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>

From: Kaike Wan <kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>

Ibacm may cause segfault when the SM restarts: when the SM restarts, ibacm will
receive P_Key change event and instruct ibacmp to close all endpoints. However,
ibacmp only resets the core endpoint pointer in its ep structure and keeps the ep
in the port's ep_list. Afterwards, the ibacm core will ask ibacmp to create
an ep for each pkey enumerated from the local port. The ep will be found
from the port's ep_list if it exists. However, if an old pkey is not present
in the new SM configuration, the old ep will still be linked in the port's
ep_list with the ep->endpoint being set to NULL. When the ibacm core forwards
the client reregistration event to ibacmp, ibacmp will enumerate the ep_list and
try to join multicast group for each ep, including any one with ep->endpoint
set to NULL. In this case, it will cause segfault in acm_send_sa_mad().
Additional check should be able to avoid the crash.

Signed-off-by: Kaike Wan <kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
 prov/acmp/src/acmp.c |    4 ++++
 src/acm.c            |    4 ++++
 2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/prov/acmp/src/acmp.c b/prov/acmp/src/acmp.c
index 7568b9c..2b85958 100644
--- a/prov/acmp/src/acmp.c
+++ b/prov/acmp/src/acmp.c
@@ -1446,6 +1446,10 @@ static int acmp_port_join(void *port_context)
 	for (ep_entry = port->ep_list.Next; ep_entry != &port->ep_list;
 		 ep_entry = ep_entry->Next) {
 		ep = container_of(ep_entry, struct acmp_ep, entry);
+		if (!ep->endpoint) {
+			/* Stale endpoint */
+			continue;
+		}
 		acmp_ep_join(ep);
 	}
 	acm_log(1, "joins for device %s port %d complete\n",
diff --git a/src/acm.c b/src/acm.c
index d807c73..2d0d2e1 100644
--- a/src/acm.c
+++ b/src/acm.c
@@ -2352,6 +2352,10 @@ acm_alloc_sa_mad(const struct acm_endpoint *endpoint, void *context,
 {
 	struct acmc_sa_req *req;

+	if (!endpoint) {
+		acm_log(0, "Error: NULL endpoint\n");
+		return NULL;
+	}
 	req = calloc(1, sizeof (*req));
 	if (!req) {
 		acm_log(0, "Error: failed to allocate sa request\n");
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2014-11-19 14:46 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-19 14:46 [PATCH 0/3] Ibacm/ibacmp bug fixes kaike.wan-ral2JQCrhuEAvxtiuMwx3w
     [not found] ` <1416408407-6774-1-git-send-email-kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2014-11-19 14:46   ` [PATCH 1/3] ibacmp: missing '%' in acm_log format kaike.wan-ral2JQCrhuEAvxtiuMwx3w
2014-11-19 14:46   ` [PATCH 2/3] ibacm: close the provider endpoint when it fails to assign a name to a core endpoint kaike.wan-ral2JQCrhuEAvxtiuMwx3w
2014-11-19 14:46   ` kaike.wan-ral2JQCrhuEAvxtiuMwx3w [this message]
     [not found]     ` <1416408407-6774-4-git-send-email-kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2014-12-03 19:42       ` [PATCH 3/3] ibacm/ibacmp: fix a crash when SM restarts Hefty, Sean
     [not found]         ` <1828884A29C6694DAF28B7E6B8A8237399E21295-P5GAC/sN6hkd3b2yrw5b5LfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2014-12-04 12:22           ` Wan, Kaike

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7568b9c dfblob:2b85958 dfblob:d807c73 dfblob:2d0d2e1 )
 OR (
bs:"[PATCH 3/3] ibacm/ibacmp: fix a crash when SM restarts" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1416408407-6774-4-git-send-email-kaike.wan@intel.com \
    --to=kaike.wan-ral2jqcrhueavxtiumwx3w@public.gmane.org \
    --cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox