mirror of
https://github.com/torvalds/linux.git
synced 2024-12-28 22:02:28 +00:00
fce50a2fa4
This patch fixes a NULL pointer dereference in isert_login_recv_done()
of isert_conn->cm_id due to isert_cma_handler() -> isert_connect_error()
resetting isert_conn->cm_id = NULL during a failed login attempt.
As per Sagi, we will always see the completion of all recv wrs posted
on the qp (given that we assigned a ->done handler), this is a FLUSH
error completion, we just don't get to verify that because we deref
NULL before.
The issue here, was the assumption that dereferencing the connection
cm_id is always safe, which is not true since:
commit
|
||
---|---|---|
.. | ||
core | ||
hw | ||
sw | ||
ulp | ||
Kconfig | ||
Makefile |