evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/infiniband/core
History
Erez Shitrit 23bd03de92 IB/core: Fix use after free in send_leave function 
commit 68c6bcdd8bd00394c234b915ab9b97c74104130c upstream.

The function send_leave sets the member: group->query_id
(group->query_id = ret) after calling the sa_query, but leave_handler
can be executed before the setting and it might delete the group object,
and will get a memory corruption.

Additionally, this patch gets rid of group->query_id variable which is
not used.

Fixes: faec2f7b96 ('IB/sa: Track multicast join/leave requests')
Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-10-07 15:23:46 +02:00
..
addr.c IB/addr: Pass network namespace as a parameter 2015-10-28 12:32:47 -04:00
agent.c IB: split struct ib_send_wr 2015-10-08 11:09:10 +01:00
agent.h IB/mad: Add final OPA MAD processing 2015-06-12 14:49:18 -04:00
cache.c IB/cache: Add ib_find_gid_by_filter cache API 2015-10-21 23:48:17 -04:00
cm.c IB/cm: Fix a recently introduced locking bug 2016-07-27 09:47:27 -07:00
cm_msgs.h IB/core: Fix unaligned accesses 2015-05-05 13:21:27 -04:00
cma.c IB/cma: Fix RDMA port validation for iWarp 2016-03-03 15:07:32 -08:00
core_priv.h IB/core: Use GID table in AH creation and dmac resolution 2015-10-21 23:48:17 -04:00
device.c IB/core: Expose and rename ib_find_cached_gid_by_port cache API 2015-10-21 23:48:17 -04:00
fmr_pool.c
iwcm.c RDMA/iwcm: Use a default listen backlog if needed 2014-08-05 07:33:24 -07:00
iwcm.h
iwpm_msg.c RDMA/core: Fixes for port mapper client registration 2015-07-14 13:20:10 -04:00
iwpm_util.c IB/IWPM: Fix a potential skb leak 2016-08-20 18:09:25 +02:00
iwpm_util.h RDMA/core: Fixes for port mapper client registration 2015-07-14 13:20:10 -04:00
mad.c IB/mad: Require CM send method for everything except ClassPortInfo 2015-12-08 12:19:11 -05:00
mad_priv.h IB: split struct ib_send_wr 2015-10-08 11:09:10 +01:00
mad_rmpp.c IB/mad: Add final OPA MAD processing 2015-06-12 14:49:18 -04:00
mad_rmpp.h
Makefile IB/core: Add RoCE GID table management 2015-08-30 18:08:50 -04:00
multicast.c IB/core: Fix use after free in send_leave function 2016-10-07 15:23:46 +02:00
netlink.c IB/core: Add rdma netlink helper functions 2015-08-30 18:12:25 -04:00
opa_smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
packer.c
roce_gid_mgmt.c IB/core: Fix use after free of ifa 2015-10-20 13:10:46 -04:00
sa.h
sa_query.c IB/SA: Use correct free function 2016-08-20 18:09:25 +02:00
smi.c IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
sysfs.c IB/core: Add netdev and gid attributes paramteres to cache 2015-10-21 23:48:17 -04:00
ucm.c IB/security: Restrict use of the write() interface 2016-05-04 14:48:48 -07:00
ucma.c IB/security: Restrict use of the write() interface 2016-05-04 14:48:48 -07:00
ud_header.c
umem.c IB/core: don't disallow registering region starting at 0x0 2015-04-15 16:05:02 -04:00
umem_odp.c IB/core: dma unmap optimizations 2015-05-05 09:18:02 -04:00
umem_rbtree.c IB/core: Implement support for MMU notifiers regarding on demand paging regions 2014-12-15 18:13:36 -08:00
user_mad.c IB/core: lock client data with lists_rwsem 2015-08-30 15:48:21 -04:00
uverbs.h IB/uverbs: Fix race between uverbs_close and remove_one 2016-09-24 10:07:37 +02:00
uverbs_cmd.c IB/core: use RCU for uverbs id lookup 2015-12-07 16:39:26 -05:00
uverbs_main.c IB/uverbs: Fix race between uverbs_close and remove_one 2016-09-24 10:07:37 +02:00
uverbs_marshall.c IB/core: Remove smac and vlan id from path record 2015-10-21 23:48:18 -04:00
verbs.c IB core: Fix ib_sg_to_pages() 2015-12-07 17:20:12 -05:00