IB/hfi1: On error, fix use after free during user context setup - linux-dev - Linux kernel development work

diff options

author	Michael J. Ruhl <michael.j.ruhl@intel.com>	2017-09-26 06:06:28 -0700
committer	Doug Ledford <dledford@redhat.com>	2017-09-27 11:10:36 -0400
commit	b8f42738acaddf67731c34935c0994e09a588ca7 (patch)
tree	fa25955ee1e88f4f3fc0ace472743d977905e210 /drivers/infiniband/hw/hfi1/pcie.c
parent	Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0" (diff)
download	linux-dev-b8f42738acaddf67731c34935c0994e09a588ca7.tar.xz linux-dev-b8f42738acaddf67731c34935c0994e09a588ca7.zip

IB/hfi1: On error, fix use after free during user context setup

During base context setup, if setup_base_ctxt() fails, the context is deallocated. This is incorrect because the context is referenced on return, to notify any waiting subcontext. If there are no subcontexts the pointer will be invalid. Reorganize the error path so that deallocate_ctxt() is called after all the possible subcontexts have been notified. Reviewed-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Michael J. Ruhl <michael.j.ruhl@intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com> Signed-off-by: Doug Ledford <dledford@redhat.com>

Diffstat (limited to 'drivers/infiniband/hw/hfi1/pcie.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: