On Fri, Jan 12, 2018 at 07:58:39AM +0200, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@xxxxxxxxxxxx>
>
> The rdma_ah_find_type() accesses the port array based on index.
>
> Such call to that function before actually checking the index leads
> to the following out-of-bound crash.
>
> Disabling lock debugging due to kernel taint
>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Fixes: 44c58487d51a ("IB/core: Define 'ib' and 'roce' rdma_ah_attr types")
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> drivers/infiniband/hw/mlx5/qp.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
Applied to for-rc, I revised the commit message to draw attention that
this can be triggered from userspace.
Thanks,
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
