[PATCH AUTOSEL for 4.9 048/100] IB/rxe: double free on error

From: alexander . levin
Date: Tue Dec 12 2017 - 21:40:15 EST


From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

[ Upstream commit ded260235308f340b979258a4c736e06ba12c747 ]

"goto err;" has it's own kfree_skb() call so it's a double free. We
only need to free on the "goto exit;" path.

Fixes: 8700e3e7c485 ("Soft RoCE driver")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Doug Ledford <dledford@xxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
---
drivers/infiniband/sw/rxe/rxe_req.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/infiniband/sw/rxe/rxe_req.c b/drivers/infiniband/sw/rxe/rxe_req.c
index 9d084780ac91..5b0ca35c06ab 100644
--- a/drivers/infiniband/sw/rxe/rxe_req.c
+++ b/drivers/infiniband/sw/rxe/rxe_req.c
@@ -726,11 +726,11 @@ int rxe_requester(void *arg)
ret = rxe_xmit_packet(to_rdev(qp->ibqp.device), qp, &pkt, skb);
if (ret) {
qp->need_req_skb = 1;
- kfree_skb(skb);

rollback_state(wqe, qp, &rollback_wqe, rollback_psn);

if (ret == -EAGAIN) {
+ kfree_skb(skb);
rxe_run_task(&qp->req.task, 1);
goto exit;
}
--
2.11.0