#2859 ntf: coredump if ntfimcnd misses the fake modify callback

5.18.06
fixed
nobody
None
defect
ntf
-
major
False
2018-06-11
2018-05-19
Hoa Le
No

An unexpected coredump of osafntfimcnd appears with the reproduction steps below:
1. Create a class with SA_NOTIFY flag
2. Create 20 objects of this class (or less)
3. Create a new CCB then add Delete operations of the first 10 objects to it. Do not commit the CCB.
- With the current design, if the first operation of the CCB is an SA_NTF_OBJECT_DELETION operation, IMM will first issue a fake "ObjectModify" callback to osafntfimcnd (special applier) before issuing the "ObjectDelete" callback. This means there will be eleven events: 1 fake modify and 10 deletes.
4. Kill the active osafntfimcnd process; a new active instance of osafntfimcnd will be started
- The new osafntfimcnd process here doesn't contain any information about the eleven previous events
5. Add Delete operations of the remaining objects to the CCB
- The new osafntfimcnd process will only receive 10 delete events without any fake modify event.
6. Apply the CCB. The new active instance of osafntfimcnd will crash and a coredump will be generated.

Attached are traces and logs.

Related

Tickets: #2859
Wiki: ChangeLog-5.18.06

Discussion

  • Hoa Le

    Hoa Le - 2018-05-19
    Thread 1 (Thread 0x7f3d30c16740 (LWP 496)):
    #0  osaf_extended_name_borrow (name=name@entry=0x0) at src/base/osaf_extended_name.c:95
            length = <error reading variable length (Cannot access memory at address 0x0)>
            value = <optimized out>
    #1  0x000055d3410d2fe1 in ntfimcn_send_object_delete_notification (CcbUtilOperationData=CcbUtilOperationData@entry=0x55d342a71e30, invoke_name=0x0, ccbLast=ccbLast@entry=SA_FALSE) at src/ntf/ntfimcnd/ntfimcn_notifier.c:1501
    
     
  • Hoa Le

    Hoa Le - 2018-06-04
    • status: assigned --> review
     
  • Hoa Le

    Hoa Le - 2018-06-11
    • status: review --> fixed
    • assigned_to: Hoa Le --> nobody
     
  • Hoa Le

    Hoa Le - 2018-06-11

    commit 0f5a0a6d83aab679050d5057b496fd4e2e42ec8a (HEAD, origin/develop, develop)
    Author: Hoa Le <hoa.le@dektech.com.au>
    Date: Mon Jun 4 10:53:19 2018 +0700

    ntf: restart ntfimcnd if operation invoker name is missing [#2859]
    
    If ntfimcnd was restarted during a CCB, it might receive an ObjectDelete
    operation as the first event. ccbUtilCcbData, which was initialized
    in this case, does not contain the operation invoker name. This causes
    ntfimcnd to crash and generate a coredump when the ccbUtilCcbData
    is used in the next ApplyCallback.
    
    This patch helps avoid the above issue by validating the operation
    invoker name in ApplyCallback and restarting ntfimcnd if the invoker
    name is invalid. An error report notification will be sent out when
    ntfimcnd is successfully started.
    
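The sequence in the reproduction steps above, and the validate-before-use check the commit describes, as an added example (this is not OpenSAF code; ccb_data_t, handle_event and replay_ticket_2859 are hypothetical stand-ins for the applier's ccbUtilCcbData bookkeeping, and the invoker name is a constructed value):

```c
#include <stdbool.h>
#include <string.h>

/* Constructed model of the applier-side CCB bookkeeping from the ticket.
 * All names are hypothetical stand-ins, not the OpenSAF ccbutil/ntfimcn API. */
typedef struct {
	const char *invoker_name;  /* only the fake ObjectModify callback sets it */
	unsigned pending_deletes;
} ccb_data_t;
typedef enum { EV_FAKE_MODIFY, EV_DELETE, EV_RESTART, EV_APPLY } event_t;

typedef enum {
	APPLY_NOT_REACHED,
	APPLY_OK,             /* invoker present: notifications can be built */
	APPLY_RESTART_NEEDED  /* invoker missing: the #2859 fix restarts ntfimcnd */
} apply_result_t;

/* One IMM callback or process event delivered to the applier. */
apply_result_t handle_event(ccb_data_t *ccb, event_t ev, const char *invoker)
{
	switch (ev) {
	case EV_FAKE_MODIFY:
		ccb->invoker_name = invoker;
		return APPLY_NOT_REACHED;
	case EV_DELETE:
		/* Creates/extends the CCB record but carries no invoker name. */
		ccb->pending_deletes++;
		return APPLY_NOT_REACHED;
	case EV_RESTART:
		/* New ntfimcnd instance: everything received so far is gone. */
		memset(ccb, 0, sizeof *ccb);
		return APPLY_NOT_REACHED;
	case EV_APPLY:
		/* Before the fix the name went straight to osaf_extended_name_borrow(),
		 * which dereferences NULL (frame #0 of the backtrace). Validate first. */
		if (ccb->invoker_name == NULL || ccb->invoker_name[0] == '\0')
			return APPLY_RESTART_NEEDED;
		return APPLY_OK;
	}
	return APPLY_NOT_REACHED;
}

/* Replay the ticket's reproduction; restart_mid_ccb is step 4. */
apply_result_t replay_ticket_2859(bool restart_mid_ccb)
{
	ccb_data_t ccb = {0};
	handle_event(&ccb, EV_FAKE_MODIFY, "example-invoker"); /* constructed name */
	for (int i = 0; i < 10; i++) handle_event(&ccb, EV_DELETE, NULL);
	if (restart_mid_ccb) handle_event(&ccb, EV_RESTART, NULL);
	for (int i = 0; i < 10; i++) handle_event(&ccb, EV_DELETE, NULL);
	return handle_event(&ccb, EV_APPLY, NULL);
}
```

Without the restart the apply sees the invoker name set by the fake modify; with the restart the record was rebuilt from delete events only, and the check turns what was a NULL dereference into a restart request.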