linux/drivers/infiniband
Erez Shitrit 68c6bcdd8b IB/core: Fix use after free in send_leave function
The function send_leave sets the member group->query_id
(group->query_id = ret) after calling the sa_query, but leave_handler
can be executed before the setting and it might delete the group object,
which will cause memory corruption.

Additionally, this patch gets rid of group->query_id variable which is
not used.

Fixes: faec2f7b96 ('IB/sa: Track multicast join/leave requests')
Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-09-02 14:06:27 -04:00
core      IB/core: Fix use after free in send_leave function                 2016-09-02 14:06:27 -04:00
hw        IB/cxgb4: Make _free_qp static to silence build warning            2016-09-02 13:46:33 -04:00
sw        IB/rdmvat: Fix double vfree() in rvt_create_qp() error path        2016-08-22 15:00:42 -04:00
ulp       IB/isert: Properly release resources on DEVICE_REMOVAL             2016-09-02 13:46:32 -04:00
Kconfig   Soft RoCE driver                                                   2016-08-04 11:13:12 -04:00
Makefile  IB/rdmavt: Create module framework and handle driver registration  2016-03-10 20:37:04 -05:00