Re: [PATCH] RDMA/ocrdma: fix use after free in ocrdma_dealloc_ucontext_pd()

From: Leon Romanovsky
Date: Wed Dec 30 2020 - 00:48:55 EST

Next message: Joe Perches: "Re: [PATCH] checkpatch: ignore warning designated initializers using NR_CPUS"
Previous message: Viresh Kumar: "Re: [PATCH v2 11/48] opp: Add dev_pm_opp_find_level_ceil()"
In reply to: trix: "[PATCH] RDMA/ocrdma: fix use after free in ocrdma_dealloc_ucontext_pd()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 29, 2020 at 06:46:53PM -0800, trix@xxxxxxxxxx wrote:
> From: Tom Rix <trix@xxxxxxxxxx>
>
> In ocrdma_dealloc_ucontext_pd() uctx->cntxt_pd is assigned to
> the variable pd and then after uctx->cntxt_pd is freed, the
> variable pd is passed to function _ocrdma_dealloc_pd() which
> dereferences pd directly or through its call to
> ocrdma_mbx_dealloc_pd().
>
> Reorder the free using the variable pd.
>
> Fixes: 21a428a019c9 ("RDMA: Handle PD allocations by IB/core")
> Signed-off-by: Tom Rix <trix@xxxxxxxxxx>
> ---
> drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>

Thanks,
Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxx>

Next message: Joe Perches: "Re: [PATCH] checkpatch: ignore warning designated initializers using NR_CPUS"
Previous message: Viresh Kumar: "Re: [PATCH v2 11/48] opp: Add dev_pm_opp_find_level_ceil()"
In reply to: trix: "[PATCH] RDMA/ocrdma: fix use after free in ocrdma_dealloc_ucontext_pd()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]