leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3eca7fc2d8
linux/drivers/infiniband
History
Jack Morgenstein 3eca7fc2d8 RDMA: Fix double-free in srq creation error flow 
The cited commit introduced a double-free of the srq buffer in the error
flow of procedure __uverbs_create_xsrq().

The problem is that ib_destroy_srq_user() called in the error flow also
frees the srq buffer.

Thus, if uverbs_response() fails in __uverbs_create_srq(), the srq buffer
will be freed twice.

Cc: <stable@vger.kernel.org>
Fixes: 68e326dea1 ("RDMA: Handle SRQ allocations by IB/core")
Link: https://lore.kernel.org/r/20190916071154.20383-5-leon@kernel.org
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2019-09-16 14:37:38 -03:00
..
core RDMA: Fix double-free in srq creation error flow 2019-09-16 14:37:38 -03:00
hw RDMA/efa: Fix incorrect error print 2019-09-16 14:25:43 -03:00
sw RDMA/siw: Relax from kmap_atomic() use in TX path 2019-09-13 16:59:55 -03:00
ulp IB/iser: Support up to 16MB data transfer in a single command 2019-09-13 16:55:55 -03:00
Kconfig RDMA/odp: Use the common interval tree library instead of generic 2019-08-21 13:34:09 -03:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00