On Tue, Jun 12, 2018 at 09:40:23AM -0600, Jason Gunthorpe wrote:
> During disassociation the ucontext will become NULL, however due to how
> the SRCU locking works the ucontext must only be examined after looking
> at the ib_dev, which governs the RCU control flow.
>
> With the wrong ordering userspace will see EINVAL instead of EIO for a
> disassociated uverbs FD, which breaks rdma-core.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 491d5c6a3023 ("RDMA/uverbs: Move uncontext check before SRCU read lock")
> Reported-by: Mark Bloch <markb@xxxxxxxxxxxx>
> Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
> ---
>  drivers/infiniband/core/uverbs_main.c | 14 ++++++++++----
>  1 file changed, 10 insertions(+), 4 deletions(-)
>

Thanks,
Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>