linux/drivers/infiniband/core
Bart Van Assche 7f25f296fc RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
commit aee2424246 upstream.

iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with
an existing struct iw_cm_id (cm_id) as follows:

        conn_id->cm_id.iw = cm_id;
        cm_id->context = conn_id;
        cm_id->cm_handler = cma_iw_handler;

rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make
sure that cm_work_handler() does not trigger a use-after-free by only
freeing the struct rdma_id_private after all pending work has finished.

Cc: stable@vger.kernel.org
Fixes: 59c68ac31e ("iw_cm: free cm_id resources on the last deref")
Reviewed-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20240605145117.397751-6-bvanassche@acm.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-19 05:33:39 +02:00
addr.c
agent.c
agent.h
cache.c
cgroup.c
cm_msgs.h
cm.c
cma_configfs.c RDMA/cma: Fix truncation compilation warning in make_cma_ports 2023-10-10 21:46:45 +02:00
cma_priv.h
cma.c RDMA/cma: Use output interface for net_dev check 2022-11-10 17:57:49 +01:00
core_priv.h
counters.c
cq.c
device.c RDMA/device: Return error earlier if port in not valid 2024-08-19 05:33:33 +02:00
fmr_pool.c
iwcm.c RDMA/iwcm: Fix a use-after-free related to destroying CM IDs 2024-08-19 05:33:39 +02:00
iwcm.h
iwpm_msg.c
iwpm_util.c
iwpm_util.h
mad_priv.h
mad_rmpp.c
mad_rmpp.h
mad.c
Makefile
mr_pool.c
multicast.c
netlink.c
nldev.c RDMA/core: Require admin capabilities to set system parameters 2023-10-10 21:46:45 +02:00
opa_smi.h
packer.c
rdma_core.c
rdma_core.h
restrack.c
restrack.h
roce_gid_mgmt.c
rw.c
sa_query.c
sa.h
security.c
smi.c
smi.h
sysfs.c
ucma.c
ud_header.c
umem_odp.c
umem.c
user_mad.c IB/core: Implement a limit on UMAD receive List 2024-07-18 11:40:47 +02:00
uverbs_cmd.c RDMA/uverbs: Restrict usage of privileged QKEYs 2023-06-21 15:44:10 +02:00
uverbs_ioctl.c
uverbs_main.c RDMA/uverbs: Fix typo of sizeof argument 2023-10-10 21:46:45 +02:00
uverbs_marshall.c RDMA/core: Don't infoleak GRH fields 2022-01-11 15:23:31 +01:00
uverbs_std_types_counters.c IB/uverbs: Fix an potential error pointer dereference 2023-09-23 10:59:50 +02:00
uverbs_std_types_cq.c
uverbs_std_types_device.c
uverbs_std_types_dm.c
uverbs_std_types_flow_action.c
uverbs_std_types_mr.c
uverbs_std_types.c
uverbs_uapi.c RDMA/uverbs: Check for null return of kmalloc_array 2022-01-11 15:23:31 +01:00
uverbs.h
verbs.c RDMA/core: Fix GID entry ref leak when create_ah fails 2023-04-20 12:07:36 +02:00