[torquedev] Double free and touches of freed memory inside pbs_server
knielson at adaptivecomputing.com
Tue Aug 10 10:19:44 MDT 2010
On 08/10/2010 12:08 AM, Eygene Ryabinkin wrote:
> Ken, good day.
> Mon, Aug 09, 2010 at 11:33:30AM -0600, Ken Nielson wrote:
>> TORQUE 2.5.0 introduced a new function in req_modifyjob named
>> modify_job. In previous versions of TORQUE req_modifyjob called
>> relay_to_mom directly and did a return on success. It skipped the call
>> to reply_ack so there was no problems in earlier versions.
> You're right: I had missed it.
>> Because of the checkpoint work and other things happening in
>> modify_job, req_modifyjob monitors the return code of modify_job and
>> branches to different error routines based on the return code. I added
>> a new error code PBSE_RELAYED_TO_MOM to let req_modifyjob know the job
>> went to the mom and to return without calling reply_ack.
>> I have attached the patch. I think this is better suited to the
>> problem than modifying batch_request to handle the rq_refcount
> It will work for a single relayed request. But what about
> req_modifyarray()? It will use the single struct batch_request for
> calling modify_job() via modify_whole_array()/modify_array_range(),
> so again, single batch_request will end up freed up a number of times.
You are correct. I will get that fixed and checked in.
More information about the torquedev