On Tue, 2016-11-01 at 13:44 -0700, Jim Foraker wrote:
> rvt_create_qp() creates qp->ip only when a qp creation request comes
> from
> userspace (udata is not NULL). If we exceed the number of available
> queue pairs however, the error path always attempts to put a kref to
> this
> structure. If the requestor is inside the kernel, this leads to a
requestor -> requester
> crash.
>
> We fix this by checking that qp->ip is not NULL before caling
caling -> calling
> kref_put().
>
> Signed-off-by: Jim Foraker <foraker1@xxxxxxxx>
Thanks Jim!
Cc: Stable <stable@xxxxxxxxxxxxxxx> # 4.7+
Acked-by: Dennis Dalessandro <dennis.dalessandro@xxxxxxxxx>
��.n��������+%�������w��{.n�����{���fk��ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f
