linux/drivers/infiniband/ulp/ipoib
Patrick McHardy bea1e22df4 IPoIB: Fix use-after-free of multicast object
Fix a crash in ipoib_mcast_join_task().  (with help from Or Gerlitz)

Commit c8c2afe360 ("IPoIB: Use rtnl lock/unlock when changing device
flags") added a call to rtnl_lock() in ipoib_mcast_join_task(), which
is run from the ipoib_workqueue, and hence the workqueue can't be
flushed from the context of ipoib_stop().

In the current code, ipoib_stop() (which doesn't flush the workqueue)
calls ipoib_mcast_dev_flush(), which goes and deletes all the
multicast entries.  This takes place without any synchronization with
a possible running instance of ipoib_mcast_join_task() for the same
ipoib device, leading to a crash due to NULL pointer dereference.

Fix this by making sure that the workqueue is flushed before
ipoib_mcast_dev_flush() is called.  To make that possible, we move the
RTNL-lock wrapped code to ipoib_mcast_join_finish().

Signed-off-by: Patrick McHardy <kaber@trash.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Roland Dreier <roland@purestorage.com>
2012-09-30 20:32:33 -07:00
ipoib_cm.c IB/ipoib: Add missing locking when CM object is deleted 2012-08-14 15:21:44 -07:00
ipoib_ethtool.c net: infiniband/ulp/ipoib: convert to hw_features 2011-04-20 01:30:42 -07:00
ipoib_fs.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
ipoib_ib.c IPoIB: fix skb truesize underestimation 2012-07-10 23:33:12 -07:00
ipoib_main.c IPoIB: Fix use-after-free of multicast object 2012-09-30 20:32:33 -07:00
ipoib_multicast.c IPoIB: Fix use-after-free of multicast object 2012-09-30 20:32:33 -07:00
ipoib_verbs.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ipoib_vlan.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ipoib.h IPoIB: Fix AB-BA deadlock when deleting neighbours 2012-09-12 09:21:45 -07:00
Kconfig kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
Makefile IPoIB: Add basic ethtool support 2008-04-16 21:09:32 -07:00