| Message ID | 1442840522-12691-1-git-send-email-haggaie@mellanox.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
On 09/21/2015 09:02 AM, Haggai Eran wrote: > If the lookup of a listening ID failed for an AF_IB request, the code > would try to call dev_put() on a NULL net_dev. > > Fixes: be688195bd08 ("IB/cma: Fix net_dev reference leak with failed > requests") > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > Signed-off-by: Haggai Eran <haggaie@mellanox.com> > --- > drivers/infiniband/core/cma.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c > index b1ab13f3e182..b92a3c2c060b 100644 > --- a/drivers/infiniband/core/cma.c > +++ b/drivers/infiniband/core/cma.c > @@ -1302,7 +1302,7 @@ static struct rdma_id_private *cma_id_from_event(struct ib_cm_id *cm_id, > bind_list = cma_ps_find(rdma_ps_from_service_id(req.service_id), > cma_port_from_service_id(req.service_id)); > id_priv = cma_find_listener(bind_list, cm_id, ib_event, &req, *net_dev); > - if (IS_ERR(id_priv)) { > + if (IS_ERR(id_priv) && *net_dev) { > dev_put(*net_dev); > *net_dev = NULL; > } > This one got lost back in the noise of all the for-next patches. Sorry to have missed it. I've picked it up now for -rc.
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c index b1ab13f3e182..b92a3c2c060b 100644 --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -1302,7 +1302,7 @@ static struct rdma_id_private *cma_id_from_event(struct ib_cm_id *cm_id, bind_list = cma_ps_find(rdma_ps_from_service_id(req.service_id), cma_port_from_service_id(req.service_id)); id_priv = cma_find_listener(bind_list, cm_id, ib_event, &req, *net_dev); - if (IS_ERR(id_priv)) { + if (IS_ERR(id_priv) && *net_dev) { dev_put(*net_dev); *net_dev = NULL; }
If the lookup of a listening ID failed for an AF_IB request, the code would try to call dev_put() on a NULL net_dev. Fixes: be688195bd08 ("IB/cma: Fix net_dev reference leak with failed requests") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Haggai Eran <haggaie@mellanox.com> --- drivers/infiniband/core/cma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)