[tickets] [opensaf:tickets] #1096 imm: immnd may crash in immnd_evt_proc_ccb_compl_rsp if OI handle is detached

[Anders Bjornerstedt]

- **status**: fixed --> accepted



---

** [tickets:#1096] imm: immnd may crash in immnd_evt_proc_ccb_compl_rsp if OI 
handle is detached**

**Status:** accepted
**Milestone:** 4.3.3
**Created:** Tue Sep 16, 2014 01:39 PM UTC by Zoran Milinkovic
**Last Updated:** Mon Sep 22, 2014 09:42 AM UTC
**Owner:** Anders Bjornerstedt

In immnd_evt_proc_ccb_compl_rsp, immnd_client_node_get can set NULL to 
oi_cl_node if OI is detached.
Later in the code, there is an access to oi_cl_node member, while oi_cl_node is 
NULL, and it can lead to uncertain behavior.

                                immnd_client_node_get(cb, implHandle, 
&oi_cl_node);
                                if (oi_cl_node == NULL || oi_cl_node->mIsStale) 
{
                                        LOG_WA("PBE went down");
                                        /* ###TODO need to ABORT ccb in 
CRITICAL. or set CRITICAL below*/
                                        /* This is a bad case. The immnds have 
just delegated the decision
                                           to commit or abort this ccb to the 
PBE, yet it has just crashed.
                                           I should mark the ccb being in limbo 
until a new PBE has attached,
                                           then resend the completed upcall, 
which should generate an aborted 
                                           reply to all IMMNDs. 
                                           err = SA_AIS_ERR_FAILED_OPERATION;
                                           But actually we know here that we 
have not sent the completed call to
                                           the pbe. This means it should be 
easy to abort!
                                         */
                                }

                                memset(&send_evt, '\0', sizeof(IMMSV_EVT));
                                send_evt.type = IMMSV_EVT_TYPE_IMMA;
                                send_evt.info.imma.type = 
IMMA_EVT_ND2A_OI_CCB_COMPLETED_UC;
                                send_evt.info.imma.info.ccbCompl.ccbId = 
evt->info.ccbUpcallRsp.ccbId;
                                send_evt.info.imma.info.ccbCompl.immHandle = 
implHandle;
                                send_evt.info.imma.info.ccbCompl.implId = pbeId;
                                send_evt.info.imma.info.ccbCompl.invocation = 
pbeCtn;

                                TRACE_2("MAKING PBE-IMPLEMENTER CCB COMPLETED 
upcall");
                                if(immnd_mds_msg_send(cb, NCSMDS_SVC_ID_IMMA_OI,
                                            oi_cl_node->agent_mds_dest, 
&send_evt) != NCSCC_RC_SUCCESS) {


---

Sent from sourceforge.net because opensaf-tickets@lists.sourceforge.net is 
subscribed to https://sourceforge.net/p/opensaf/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://sourceforge.net/p/opensaf/admin/tickets/options.  Or, if this is a 
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
Opensaf-tickets@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets