[29/34] LU-7734 lnet: double free in lnet_add_net_common()

Message ID	153783763597.32103.14845230051684461634.stgit@noble (mailing list archive)
State	New, archived
Headers	show Return-Path: <lustre-devel-bounces@lists.lustre.org> From: NeilBrown <neilb@suse.com> To: Oleg Drokin <green@whamcloud.com>, Doug Oucharek <doucharek@cray.com>, James Simmons <jsimmons@infradead.org>, Andreas Dilger <adilger@whamcloud.com> Date: Tue, 25 Sep 2018 11:07:16 +1000 Message-ID: <153783763597.32103.14845230051684461634.stgit@noble> In-Reply-To: <153783752960.32103.8394391715843917125.stgit@noble> References: <153783752960.32103.8394391715843917125.stgit@noble> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [lustre-devel] [PATCH 29/34] LU-7734 lnet: double free in lnet_add_net_common() Precedence: list Cc: Lustre Development List <lustre-devel@lists.lustre.org> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: lustre-devel-bounces@lists.lustre.org Sender: "lustre-devel" <lustre-devel-bounces@lists.lustre.org>
Series	lustre: remainder of multi-rail series. \| expand [00/34] lustre: remainder of multi-rail series. [02/34] lnet: change struct lnet_peer to struct lnet_peer_ni [01/34] lnet: replace all lp_ fields with lpni_ [18/34] LU-7734 lnet: peer/peer_ni handling adjustments [28/34] LU-7734 lnet: Fix crash in router_proc.c [27/34] LU-7734 lnet: fix routing selection [26/34] LU-7734 lnet: Routing fixes part 2 [25/34] LU-7734 lnet: Routing fixes part 1 [24/34] LU-7734 lnet: fix lnet_select_pathway() [23/34] LU-7734 lnet: configuration fixes [22/34] LU-7734 lnet: fix lnet_peer_table_cleanup_locked() [21/34] LU-7734 lnet: simplify and fix lnet_select_pathway() [20/34] LU-7734 lnet: protect peer_ni credits [19/34] LU-7734 lnet: proper cpt locking [17/34] LU-7734 lnet: Add peer_ni and NI stats for DLC [16/34] LU-7734 lnet: rename LND peer to peer_ni [14/34] LU-7734 lnet: handle non-MR peers [03/34] lnet: Change lpni_refcount to atomic_t [04/34] lnet: change some function names - add 'ni'. [05/34] lnet: make lnet_nid_cpt_hash non-static. [06/34] lnet: introduce lnet_find_peer_ni_locked() [07/34] lnet: lnet_peer_tables_cleanup: use an exclusive lock. [08/34] LU-7734 lnet: Multi-Rail peer split [09/34] LU-7734 lnet: Multi-Rail local_ni/peer_ni selection [10/34] LU-7734 lnet: configure peers from DLC [11/34] LU-7734 lnet: configure local NI from DLC [12/34] LU-7734 lnet: NUMA support [13/34] LU-7734 lnet: Primary NID and traffic distribution [15/34] LU-7734 lnet: handle N NIs to 1 LND peer [29/34] LU-7734 lnet: double free in lnet_add_net_common() [30/34] LU-7734 lnet: set primary NID in ptlrpc_connection_get() [31/34] LU-7734 lnet: fix NULL access in lnet_peer_aliveness_enabled [32/34] LU-7734 lnet: rename peer key_nid to prim_nid [33/34] lnet: use BIT() macro for LNET_MD_* flags [34/34] LU-7734 lnet: cpt locking

Message ID

153783763597.32103.14845230051684461634.stgit@noble (mailing list archive)

State

New, archived

Headers

From: NeilBrown <neilb@suse.com>
To: Oleg Drokin <green@whamcloud.com>, Doug Oucharek <doucharek@cray.com>,
 James Simmons <jsimmons@infradead.org>,
 Andreas Dilger <adilger@whamcloud.com>
Date: Tue, 25 Sep 2018 11:07:16 +1000
Message-ID: <153783763597.32103.14845230051684461634.stgit@noble>
In-Reply-To: <153783752960.32103.8394391715843917125.stgit@noble>
References: <153783752960.32103.8394391715843917125.stgit@noble>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Subject: [lustre-devel] [PATCH 29/34] LU-7734 lnet: double free in
 lnet_add_net_common()
Precedence: list
Cc: Lustre Development List <lustre-devel@lists.lustre.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: lustre-devel-bounces@lists.lustre.org
Sender: "lustre-devel" <lustre-devel-bounces@lists.lustre.org>

Series

lustre: remainder of multi-rail series. | expand

Commit Message

NeilBrown Sept. 25, 2018, 1:07 a.m. UTC

From: Olaf Weber <olaf@sgi.com>

lnet_startup_lndnet() always consumes its net parameter, so we
should not free net after the function has been called. This
fixes a double free triggered by adding a network twice.

Eliminate the netl local variable.

Signed-off-by: Olaf Weber <olaf@sgi.com>
Change-Id: I1cfc3494eada4660b792f6a1ebd96b5dc80d9945
Reviewed-on: http://review.whamcloud.com/21446
Reviewed-by: Amir Shehata <amir.shehata@intel.com>
Tested-by: Amir Shehata <amir.shehata@intel.com>
Signed-off-by: NeilBrown <neilb@suse.com>
---
 drivers/staging/lustre/lnet/lnet/api-ni.c |   23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/drivers/staging/lustre/lnet/lnet/api-ni.c b/drivers/staging/lustre/lnet/lnet/api-ni.c
index f57200eab746..ea27d38f78c5 100644
--- a/drivers/staging/lustre/lnet/lnet/api-ni.c
+++ b/drivers/staging/lustre/lnet/lnet/api-ni.c
@@ -2143,7 +2143,6 @@  lnet_get_ni_config(struct lnet_ioctl_config_ni *cfg_ni,
 static int lnet_add_net_common(struct lnet_net *net,
 			       struct lnet_ioctl_config_lnd_tunables *tun)
 {
-	struct lnet_net *netl = NULL;
 	u32 net_id;
 	struct lnet_ping_info *pinfo;
 	struct lnet_handle_md md_handle;
@@ -2162,8 +2161,8 @@  static int lnet_add_net_common(struct lnet_net *net,
 	if (rnet) {
 		CERROR("Adding net %s will invalidate routing configuration\n",
 		       libcfs_net2str(net->net_id));
-		rc = -EUSERS;
-		goto failed1;
+		lnet_net_free(net);
+		return -EUSERS;
 	}
 
 	/*
@@ -2180,8 +2179,11 @@  static int lnet_add_net_common(struct lnet_net *net,
 	rc = lnet_ping_info_setup(&pinfo, &md_handle,
 				  net_ni_count + lnet_get_ni_count(),
 				  false);
-	if (rc < 0)
-		goto failed1;
+	if (rc < 0) {
+		lnet_net_free(net);
+		return rc;
+	}
+
 	if (tun)
 		memcpy(&net->net_tunables,
 		       &tun->lt_cmn, sizeof(net->net_tunables));
@@ -2204,17 +2206,16 @@  static int lnet_add_net_common(struct lnet_net *net,
 		goto failed;
 
 	lnet_net_lock(LNET_LOCK_EX);
-	netl = lnet_get_net_locked(net_id);
+	net = lnet_get_net_locked(net_id);
 	lnet_net_unlock(LNET_LOCK_EX);
 
-	LASSERT(netl);
+	LASSERT(net);
 
 	/*
 	 * Start the acceptor thread if this is the first network
 	 * being added that requires the thread.
 	 */
-	if (netl->net_lnd->lnd_accept &&
-	    num_acceptor_nets == 0) {
+	if (net->net_lnd->lnd_accept && num_acceptor_nets == 0) {
 		rc = lnet_acceptor_start();
 		if (rc < 0) {
 			/* shutdown the net that we just started */
@@ -2225,7 +2226,7 @@  static int lnet_add_net_common(struct lnet_net *net,
 	}
 
 	lnet_net_lock(LNET_LOCK_EX);
-	lnet_peer_net_added(netl);
+	lnet_peer_net_added(net);
 	lnet_net_unlock(LNET_LOCK_EX);
 
 	lnet_ping_target_update(pinfo, md_handle);
@@ -2235,8 +2236,6 @@  static int lnet_add_net_common(struct lnet_net *net,
 failed:
 	lnet_ping_md_unlink(pinfo, &md_handle);
 	lnet_ping_info_free(pinfo);
-failed1:
-	lnet_net_free(net);
 	return rc;
 }

[29/34] LU-7734 lnet: double free in lnet_add_net_common()

Commit Message

Patch