RE: [PATCH rdma-rc] RDMA/ucma: Ensure that CM_ID exists prior to access it

> > > +++ b/drivers/infiniband/core/ucma.c
> > > @@ -132,7 +132,7 @@ static inline struct ucma_context
> > > *_ucma_find_context(int id,
> > >  	ctx = idr_find(&ctx_idr, id);
> > >  	if (!ctx)
> > >  		ctx = ERR_PTR(-ENOENT);
> > > -	else if (ctx->file != file)
> > > +	else if (ctx->file != file || !ctx->cm_id)
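Review bot: The added `!ctx->cm_id` test on the `else if` line rejects only a NULL pointer, so it is sufficient only if `ctx->cm_id` can never hold an ERR_PTR-encoded value while the context is reachable through `idr_find()`. Either make that guarantee explicit (assign `cm_id` only once it is known to be valid, and say so in a comment next to this check) or widen the test to cover error pointers as well. A NULL `cm_id` is also folded into the same branch as a `ctx->file` mismatch, so a short comment saying that NULL here means "ID not fully created yet" would help the next reader.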
> >
> > After looking at the use-after-free patch, we may want this check to
> > be
> >
> > !IS_ERR_OR_NULL(ctx->cm_id)
> 
> Please don't store ERR_PTR outside stack variables, just makes
> everything harder :(

A NULL check should be fine if the ctx->cm_id is not set until immediately before returning from ucma_create_id().  The two bugs that Leon is addressing are related, and ERR_PTR looks possible with the current (unpatched) code.

- Sean
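
The difference between the two checks discussed in this thread, as an added userspace example that is not part of the original message or the kernel source. `struct model_ctx`, `run_case()`, the `-EINVAL` return value and the three sample states are constructed for illustration; the `ERR_PTR` helpers are stand-ins that mirror the kernel's encoding of errno values in the top 4095 addresses.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's ERR_PTR helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static int IS_ERR_OR_NULL(const void *p) { return !p || IS_ERR(p); }

/* Hypothetical reduced context: only the two fields the check reads. */
struct model_ctx { const void *file; void *cm_id; };

/* Check as written in the quoted hunk: rejects only a NULL cm_id. */
static int check_null_only(const struct model_ctx *ctx, const void *file)
{
    if (!ctx)
        return -ENOENT;
    if (ctx->file != file || !ctx->cm_id)
        return -EINVAL;            /* error code assumed for this model */
    return 0;
}

/* Variant built on IS_ERR_OR_NULL: also rejects an errno-encoded pointer. */
static int check_err_or_null(const struct model_ctx *ctx, const void *file)
{
    if (!ctx)
        return -ENOENT;
    if (ctx->file != file || IS_ERR_OR_NULL(ctx->cm_id))
        return -EINVAL;
    return 0;
}

/* Build one constructed context state and run the chosen check on it. */
static int run_case(void *cm_id, int use_err_or_null)
{
    static const int file_token = 0;   /* stands in for the owning file */
    struct model_ctx ctx = { &file_token, cm_id };
    return use_err_or_null ? check_err_or_null(&ctx, &file_token)
                           : check_null_only(&ctx, &file_token);
}

int main(void)
{
    static int real_id;                /* stands in for a valid cm_id */
    void *states[] = { NULL, ERR_PTR(-ENOMEM), &real_id };
    const char *names[] = { "NULL", "ERR_PTR(-ENOMEM)", "valid" };
    for (int i = 0; i < 3; i++)
        printf("%-17s null-only=%d err-or-null=%d\n", names[i],
               run_case(states[i], 0), run_case(states[i], 1));
    return 0;
}
```

A return of 0 from the NULL-only check for the `ERR_PTR(-ENOMEM)` state means the caller would go on to dereference an error value as if it were a valid pointer.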