leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a0767da777
linux/drivers/infiniband
History
Michael Guralnik a0767da777 RDMA/core: Add missing list deletion on freeing event queue 
When the uobject file scheme was revised to allow device disassociation
from the file it became possible for read() to still happen the driver
destroys the uobject.

The old clode code was not tolerant to concurrent read, and when it was
moved to the driver destroy it creates a bug.

Ensure the event_list is empty after driver destroy by adding the missing
list_del(). Otherwise read() can trigger a use after free and double
kfree.

Fixes: f7c8416cce ("RDMA/core: Simplify destruction of FD uobjects")
Link: https://lore.kernel.org/r/20200212072635.682689-6-leon@kernel.org
Signed-off-by: Michael Guralnik <michaelgur@mellanox.com>
Reviewed-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2020-02-13 09:44:49 -04:00
..
core RDMA/core: Add missing list deletion on freeing event queue 2020-02-13 09:44:49 -04:00
hw RDMA/iw_cxgb4: initiate CLOSE when entering TERM 2020-02-11 14:28:00 -04:00
sw RDMA/siw: Remove unwanted WARN_ON in siw_cm_llp_data_ready() 2020-02-11 14:33:58 -04:00
ulp RDMA subsystem updates for 5.6 2020-01-31 14:40:36 -08:00
Kconfig RDMA/iw_cxgb3: Remove the iw_cxgb3 module from kernel 2019-10-04 15:08:59 -03:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00