linux/drivers/infiniband/core
Erez Shitrit 68c6bcdd8b IB/core: Fix use after free in send_leave function
The function send_leave sets the member: group->query_id
(group->query_id = ret) after calling the sa_query, but leave_handler
can be executed before the setting and it might delete the group object,
and will get a memory corruption.

Additionally, this patch gets rid of group->query_id variable which is
not used.

Fixes: faec2f7b96 ('IB/sa: Track multicast join/leave requests')
Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-09-02 14:06:27 -04:00
..
addr.c IB/core: Add IP to GID netlink offload 2016-05-24 14:44:04 -04:00
agent.c IB: split struct ib_send_wr 2015-10-08 11:09:10 +01:00
agent.h IB/mad: Add final OPA MAD processing 2015-06-12 14:49:18 -04:00
cache.c IB/core: Fix no default GIDs when netdevice reregisters 2016-06-23 10:03:57 -04:00
cm_msgs.h IB/core: Fix unaligned accesses 2015-05-05 13:21:27 -04:00
cm.c IB/cm: Fix a recently introduced locking bug 2016-06-06 18:55:53 -04:00
cma_configfs.c configfs: switch ->default groups to a linked list 2016-03-06 16:11:24 +01:00
cma.c IB/core: Fix possible memory leak in cma_resolve_iboe_route() 2016-08-22 14:26:54 -04:00
core_priv.h IB/core: Add IP to GID netlink offload 2016-05-24 14:44:04 -04:00
cq.c IB: add a proper completion queue abstraction 2015-12-11 14:10:43 -08:00
device.c IB/core: Add get FW version string to the core 2016-06-23 12:08:33 -04:00
fmr_pool.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
iwcm.c iw_cm: free cm_id resources on the last deref 2016-08-02 13:15:18 -04:00
iwcm.h iw_cm: free cm_id resources on the last deref 2016-08-02 13:15:18 -04:00
iwpm_msg.c RDMA/core: Fix indentation 2016-06-06 19:36:21 -04:00
iwpm_util.c Use smaller 512 byte messages for portmapper messages 2016-08-03 21:03:33 -04:00
iwpm_util.h iwpm: crash fix for large connections test 2016-03-16 13:48:32 -04:00
mad_priv.h IB/mad: use CQ abstraction 2016-01-19 15:25:45 -05:00
mad_rmpp.c IB/mad: Add final OPA MAD processing 2015-06-12 14:49:18 -04:00
mad_rmpp.h
mad.c IB/mad: Fix indentation 2016-06-06 19:36:21 -04:00
Makefile IB/SA: Integrate ib_sa module into ib_core module 2016-05-24 14:42:36 -04:00
mr_pool.c IB/core: add a simple MR pool 2016-05-13 13:37:18 -04:00
multicast.c IB/core: Fix use after free in send_leave function 2016-09-02 14:06:27 -04:00
netlink.c IB/core: Add flow control to the portmapper netlink calls 2016-08-02 13:14:27 -04:00
opa_smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
packer.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
roce_gid_mgmt.c IB/core: Move rdma_is_upper_dev_rcu to header file 2015-12-23 10:35:12 -05:00
rw.c IB/core, RDMA RW API: Do not exceed QP SGE send limit 2016-08-02 12:02:41 -04:00
sa_query.c IB/sa: Add cached attribute containing SM information to SA port 2016-08-03 21:03:36 -04:00
sa.h
smi.c IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
sysfs.c Round one of 4.8 code 2016-08-04 20:10:31 -04:00
ucm.c IB/security: Restrict use of the write() interface 2016-04-28 12:03:16 -04:00
ucma.c IB/core: Support for CMA multicast join flags 2016-08-03 21:06:46 -04:00
ud_header.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
umem_odp.c mm/gup: Introduce get_user_pages_remote() 2016-02-16 10:04:09 +01:00
umem_rbtree.c IB/core: Implement support for MMU notifiers regarding on demand paging regions 2014-12-15 18:13:36 -08:00
umem.c dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
user_mad.c IB/mad: pass ib_mad_send_buf explicitly to the recv_handler 2016-01-19 15:25:36 -05:00
uverbs_cmd.c IB/core: Add IPv6 support to flow steering 2016-06-23 11:02:45 -04:00
uverbs_main.c Merge branches 'misc' and 'rxe' into k.o/for-4.8-1 2016-08-04 11:13:47 -04:00
uverbs_marshall.c IB/core: Add gid_type to gid attribute 2015-12-23 10:35:10 -05:00
uverbs.h Merge branches 'misc' and 'rxe' into k.o/for-4.8-1 2016-08-04 11:13:47 -04:00
verbs.c Second round of merge items for 4.8 2016-08-04 20:26:31 -04:00