On Tue, Jun 12, 2018 at 09:40:23AM -0600, Jason Gunthorpe wrote:
> During disassociation the ucontext will become NULL, however due to how
> the SRCU locking works the ucontext must only be examined after looking
> at the ib_dev, which governs the RCU control flow.
>
> With the wrong ordering userspace will see EINVAL instead of EIO for a
> disassociated uverbs FD, which breaks rdma-core.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 491d5c6a3023 ("RDMA/uverbs: Move uncontext check before SRCU read lock")
> Reported-by: Mark Bloch <markb@xxxxxxxxxxxx>
> Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
> Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> ---
>  drivers/infiniband/core/uverbs_main.c | 14 ++++++++++----
>  1 file changed, 10 insertions(+), 4 deletions(-)

Applied to for-rc

Jason