1
1

usnic: fix invalid rfstart initialization

endpoint_rfstart was being initialized from a value which was not yet
set.  Also ensure that rfstart is a valid index in the range
0..WINDOW_SIZE-1, since it is used as the index into endpoint_rcvd_segs,
which has WINDOW_SIZE elements.

Without this change there is significant risk of memory corruption or
segfaults, resulting in hangs or crashes, if malloc ever returns us a
value >=WINDOW_SIZE (4096).  Right now we seem to be getting lucky that
the malloc is returning zero-pages to us when we are allocating endpoint
structures (possibly because the freelist performs a single large
allocation for all endpoints).

Fixes Cisco bug CSCui88781.

Reviewed-by: rfaucett@cisco.com
Reviewed-by: jsquyres@cisco.com

cmr=v1.7.3:reviewer=jsquyres

This commit was SVN r29075.
Этот коммит содержится в:
Dave Goodell 2013-08-27 22:43:20 +00:00
родитель 7125143253
Коммит dd82bd3c19
2 изменённых файлов: 1 добавлений и 2 удалений

Просмотреть файл

@ -70,8 +70,6 @@ static void endpoint_construct(mca_btl_base_endpoint_t* endpoint)
endpoint->endpoint_next_frag_id = 1;
endpoint->endpoint_acktime = 0;
endpoint->endpoint_rfstart = endpoint->endpoint_next_contig_seq_to_recv;
/* endpoint starts not-ready-to-send */
endpoint->endpoint_ready_to_send = 0;
endpoint->endpoint_ack_needed = false;

Просмотреть файл

@ -347,6 +347,7 @@ ompi_btl_usnic_create_endpoint(ompi_btl_usnic_module_t *module,
endpoint->endpoint_remote_addr.isn;
endpoint->endpoint_highest_seq_rcvd =
endpoint->endpoint_next_contig_seq_to_recv - 1;
endpoint->endpoint_rfstart = WINDOW_SIZE_MOD(endpoint->endpoint_next_contig_seq_to_recv);
/* Create the address handle on this endpoint from the modex info.
memset to both silence valgrind warnings (since the attr struct