leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ed65a4dc22
linux/drivers/infiniband
History
Leon Romanovsky ed65a4dc22 RDMA/ucma: Fix use-after-free access in ucma_close 
The error in ucma_create_id() left ctx in the list of contexts belong
to ucma file descriptor. The attempt to close this file descriptor causes
to use-after-free accesses while iterating over such list.

Fixes: 7521663857 ("RDMA/cma: Export rdma cm interface to userspace")
Reported-by: <syzbot+dcfd344365a56fbebd0f@syzkaller.appspotmail.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2018-03-19 14:01:35 -06:00
..
core RDMA/ucma: Fix use-after-free access in ucma_close 2018-03-19 14:01:35 -06:00
hw infiniband: bnxt_re: use BIT_ULL() for 64-bit bit masks 2018-03-14 18:24:13 -04:00
sw Second pull request for 4.16 merge window 2018-02-06 11:09:45 -08:00
ulp IB/ipoib: Do not warn if IPoIB debugfs doesn't exist 2018-02-15 14:59:43 -07:00
Kconfig Second pull request for 4.16 merge window 2018-02-06 11:09:45 -08:00
Makefile IB/rdmavt: Create module framework and handle driver registration 2016-03-10 20:37:04 -05:00