Menu

#2548 amfa: process crashed when registering component without SA_AMF_COMPONENT_NAME

5.18.04
fixed
nobody
None
defect
amf
lib
minor
False
2018-06-08
2017-08-09
No

The issue was found when testing the API saAmfComponentRegister(). Start a process that calls saAmfInitialize(), then calls saAmfComponentRegister() with a non-existing component name, with the environment variable SA_AMF_COMPONENT_NAME deliberately not set (not started by AMF), the process will get aborted (osaf_abort(1)).

That was caused by the following buggy condition check in the saAmfComponentRegister() function:

  ...
  /* retrieve AvA CB */
  if (!(cb = (AVA_CB *)ncshm_take_hdl(NCS_SERVICE_ID_AVA, gl_ava_hdl)) ||
      !m_AVA_FLAG_IS_COMP_NAME(cb)) {
    TRACE_4("SA_AIS_ERR_LIBRARY: Unable to retrieve cb handle");
    rc = SA_AIS_ERR_LIBRARY;
    goto done;
  }
  /* acquire cb read lock */
  m_NCS_LOCK(&cb->lock, NCS_LOCK_READ);
  ...

  done:
  /* release cb read lock and return handles */
  if (cb) {
    m_NCS_UNLOCK(&cb->lock, NCS_LOCK_READ);
    ncshm_give_hdl(gl_ava_hdl);
  }
  ...

  TRACE_LEAVE2("rc:%u", rc);
  return rc;

In this case, the !m_AVA_FLAG_IS_COMP_NAME(cb) check failed as SA_AMF_COMPONENT_NAME was not set, the execution jumped to 'done:' which tried to unlock a not-owned mutex (not previously locked yet), leading to osaf_abort() of the invoking process.

Related

Wiki: ChangeLog-5.18.04

Discussion

  • Nguyen TK Luu

    Nguyen TK Luu - 2017-08-09
    • summary: amfa: process crashed when invoking saAmfComponentRegister() with SA_AMF_COMPONENT_NAME not set --> amfa: process crashed when registering component without SA_AMF_COMPONENT_NAME
     
  • Nguyen TK Luu

    Nguyen TK Luu - 2017-08-11
    • status: assigned --> review
     
  • Nguyen TK Luu

    Nguyen TK Luu - 2017-08-11
    • Milestone: 5.17.10 --> 5.17.07
     
  • Nguyen TK Luu

    Nguyen TK Luu - 2018-03-06
    • Milestone: 5.17.07 --> 5.18.04
     
  • Nguyen TK Luu

    Nguyen TK Luu - 2018-03-12
    • status: review --> fixed
     
  • Nguyen TK Luu

    Nguyen TK Luu - 2018-03-12

    commit 0983225ed4a27eb466648aed4f463b672e92efda (origin/develop)
    Author: Nguyen Luu nguyen.tk.luu@dektech.com.au
    Date: Thu Aug 10 20:03:54 2017 +0700

    amfa: Fix API internal check to avoid fatal mutex unlock [#2548]
    
    Current check for the required setting of the SA_AMF_COMPONENT_NAME
    env variable in some AMF API's (ComponentRegister, QuiescingComplete)
    would crash the invoking process if that env variable was missed
    to be set for some reason, as the agent lib tries, during cleanup,
    to unlock a mutex which it has not previously locked yet.
    
     
  • Nguyen TK Luu

    Nguyen TK Luu - 2018-06-08
    • assigned_to: Nguyen TK Luu --> nobody
     

Log in to post a comment.