usnic: fix invalid rfstart initialization

endpoint_rfstart was being initialized from a value which was not yet set. Also ensure that rfstart is a valid index in the range 0..WINDOW_SIZE-1, since it is used as the index into endpoint_rcvd_segs, which has WINDOW_SIZE elements. Without this change there is significant risk of memory corruption or segfaults, resulting in hangs or crashes, if malloc ever returns us a value >=WINDOW_SIZE (4096). Right now we seem to be getting lucky that the malloc is returning zero-pages to us when we are allocating endpoint structures (possibly because the freelist performs a single large allocation for all endpoints). Fixes Cisco bug CSCui88781. Reviewed-by: rfaucett@cisco.com Reviewed-by: jsquyres@cisco.com cmr=v1.7.3:reviewer=jsquyres This commit was SVN r29075.
2013-08-27 22:43:20 +00:00 · 2013-08-27 22:43:20 +00:00 · dd82bd3c19
--- a/ompi/mca/btl/usnic/btl_usnic_endpoint.c
+++ b/ompi/mca/btl/usnic/btl_usnic_endpoint.c
@ -70,8 +70,6 @@ static void endpoint_construct(mca_btl_base_endpoint_t* endpoint)
    endpoint->endpoint_next_frag_id = 1;
    endpoint->endpoint_acktime = 0;

-    endpoint->endpoint_rfstart = endpoint->endpoint_next_contig_seq_to_recv;
-
    /* endpoint starts not-ready-to-send */
    endpoint->endpoint_ready_to_send = 0;
    endpoint->endpoint_ack_needed = false;
--- a/ompi/mca/btl/usnic/btl_usnic_proc.c
+++ b/ompi/mca/btl/usnic/btl_usnic_proc.c
@ -347,6 +347,7 @@ ompi_btl_usnic_create_endpoint(ompi_btl_usnic_module_t *module,
        endpoint->endpoint_remote_addr.isn;
    endpoint->endpoint_highest_seq_rcvd =
        endpoint->endpoint_next_contig_seq_to_recv - 1;
+    endpoint->endpoint_rfstart = WINDOW_SIZE_MOD(endpoint->endpoint_next_contig_seq_to_recv);

    /* Create the address handle on this endpoint from the modex info.
       memset to both silence valgrind warnings (since the attr struct