On Tue, 2016-11-01 at 13:44 -0700, Jim Foraker wrote: > rvt_create_qp() creates qp->ip only when a qp creation request comes > from > userspace (udata is not NULL). If we exceed the number of available > queue pairs however, the error path always attempts to put a kref to > this > structure. If the requestor is inside the kernel, this leads to a requestor -> requester > crash. > > We fix this by checking that qp->ip is not NULL before caling caling -> calling > kref_put(). > > Signed-off-by: Jim Foraker <foraker1@xxxxxxxx> Thanks Jim! Cc: Stable <stable@xxxxxxxxxxxxxxx> # 4.7+ Acked-by: Dennis Dalessandro <dennis.dalessandro@xxxxxxxxx> ��.n��������+%������w��{.n�����{���fk��ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f