[torquedev] Double free and touches of freed memory inside pbs_server

Eygene Ryabinkin rea+maui at grid.kiae.ru
Tue Aug 10 00:08:15 MDT 2010


Ken, good day.

Mon, Aug 09, 2010 at 11:33:30AM -0600, Ken Nielson wrote:
> TORQUE 2.5.0 introduced a new function in req_modifyjob named
> modify_job. In previous versions of TORQUE req_modifyjob called
> relay_to_mom directly and did a return on success. It skipped the call
> to reply_ack so there were no problems in earlier versions.

You're right: I had missed it.

> Because of the checkpoint work and other things happening in
> modify_job, req_modifyjob monitors the return code of modify_job and
> branches to different error routines based on the return code. I added
> a new error code PBSE_RELAYED_TO_MOM to let req_modifyjob know the job
> went to the mom and to return without calling reply_ack. 
> 
> I have attached the patch. I think this is better suited to the
> problem than modifying batch_request to handle the rq_refcount
> element.

It will work for a single relayed request.  But what about
req_modifyarray()?  It will use the single struct batch_request for
calling modify_job() via modify_whole_array()/modify_array_range(),
so again, a single batch_request will end up being freed a number of times.
-- 
Eygene Ryabinkin, Russian Research Centre "Kurchatov Institute"
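
The difference between the two approaches discussed above, as an added example that is not part of the original message and is not TORQUE source. It is a toy model: only the field name rq_refcount comes from the thread, and it assumes the request is released once per reply coming back from a mom.

```c
#include <stdio.h>

/* Toy model, not TORQUE source: only the field name rq_refcount is from the thread. */
struct batch_request {
    int rq_refcount;     /* number of holders still using the request */
    int times_released;  /* model only: each increment stands for one free() */
};

static void release(struct batch_request *r) { r->times_released++; }

/* Assumed completion path without counting: every mom reply releases the request. */
static void reply_done_plain(struct batch_request *r) { release(r); }

/* Completion path with counting: only the last holder releases. */
static void reply_done_counted(struct batch_request *r) {
    if (--r->rq_refcount == 0)
        release(r);
}

/* Relay one request for njobs sub-jobs, deliver every reply, and return how
 * many times the request was released. 1 is correct; more is a multiple free. */
static int releases_for_array(int njobs, int counted) {
    struct batch_request req = { 1, 0 };    /* the caller holds one reference */
    int i;

    if (counted) {
        req.rq_refcount += njobs;           /* each relay takes a reference */
        reply_done_counted(&req);           /* caller drops its own reference */
    }
    for (i = 0; i < njobs; i++) {
        if (counted)
            reply_done_counted(&req);
        else
            reply_done_plain(&req);
    }
    return req.times_released;
}

int main(void) {
    printf("plain,   1 job : %d release(s)\n", releases_for_array(1, 0));
    printf("plain,   3 jobs: %d release(s)\n", releases_for_array(3, 0));
    printf("counted, 3 jobs: %d release(s)\n", releases_for_array(3, 1));
    return 0;
}
```

With one relayed job the uncounted path releases the request once, which matches the single-request case; with an array of three it releases the same request three times, while the counted path releases it once regardless of array size.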

