leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b4bd701ac4
linux/drivers/infiniband
History
Leon Romanovsky b4bd701ac4 RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow 
Failure in rereg MR releases UMEM but leaves the MR to be destroyed
by the user. As a result the following scenario may happen:
"create MR -> rereg MR with failure -> call to rereg MR again" and
hit "NULL-ptr deref or user memory access" errors.

Ensure that rereg MR is only performed on a non-dead MR.

Cc: syzkaller <syzkaller@googlegroups.com>
Cc: <stable@vger.kernel.org> # 4.5
Fixes: 395a8e4c32 ("IB/mlx5: Refactoring register MR code")
Reported-by: Noa Osherovich <noaos@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2018-04-27 11:03:15 -04:00
..
core IB/core: Fix deleting default GIDs when changing mac adddress 2018-04-23 17:28:18 -04:00
hw RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow 2018-04-27 11:03:15 -04:00
sw IB/rxe: Fix for oops in rxe_register_device on ppc64le arch 2018-04-05 13:04:50 -06:00
ulp IB/ipoib: Delete unused struct 2018-04-03 10:42:40 -06:00
Kconfig IB/uverbs: Enable ioctl() uAPI by default for new verbs 2018-03-19 14:45:17 -06:00
Makefile IB/rdmavt: Create module framework and handle driver registration 2016-03-10 20:37:04 -05:00