IB/hfi1: Prevent a NULL dereference

In the original code, we set "fd->uctxt" to NULL and then dereference it which will cause an Oops. Fixes: f2a3bc00a03c ("IB/hfi1: Protect context array set/clear with spinlock") Cc: <stable@vger.kernel.org> # 4.14.x Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
author: Dan Carpenter <dan.carpenter@oracle.com> 2018-01-09 23:03:46 +0300
committer: Doug Ledford <dledford@redhat.com> 2018-01-10 16:48:09 -0500
commit: 57194fa763bfa1a0908f30d4c77835beaa118fcb (patch)
tree: 5c5adaa5b07c08e423a32d8d1d1f1f270c16b89a /drivers/infiniband/hw/hfi1
parent: iser-target: Fix possible use-after-free in connection establishment error (diff)
download: linux-dev-57194fa763bfa1a0908f30d4c77835beaa118fcb.tar.xz
linux-dev-57194fa763bfa1a0908f30d4c77835beaa118fcb.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c
index 7750a9c38b06..1df7da47f431 100644
--- a/drivers/infiniband/hw/hfi1/file_ops.c
+++ b/drivers/infiniband/hw/hfi1/file_ops.c
@@ -763,11 +763,11 @@ static int complete_subctxt(struct hfi1_filedata *fd)
 	}
 
 	if (ret) {
-		hfi1_rcd_put(fd->uctxt);
-		fd->uctxt = NULL;
 		spin_lock_irqsave(&fd->dd->uctxt_lock, flags);
 		__clear_bit(fd->subctxt, fd->uctxt->in_use_ctxts);
 		spin_unlock_irqrestore(&fd->dd->uctxt_lock, flags);
+		hfi1_rcd_put(fd->uctxt);
+		fd->uctxt = NULL;
 	}
 
 	return ret;
author	Dan Carpenter <dan.carpenter@oracle.com>	2018-01-09 23:03:46 +0300
committer	Doug Ledford <dledford@redhat.com>	2018-01-10 16:48:09 -0500
commit	57194fa763bfa1a0908f30d4c77835beaa118fcb (patch)
tree	5c5adaa5b07c08e423a32d8d1d1f1f270c16b89a /drivers/infiniband/hw/hfi1
parent	iser-target: Fix possible use-after-free in connection establishment error (diff)
download	linux-dev-57194fa763bfa1a0908f30d4c77835beaa118fcb.tar.xz linux-dev-57194fa763bfa1a0908f30d4c77835beaa118fcb.zip