On Wed, Jul 11, 2018 at 11:20:29AM +0300, Leon Romanovsky wrote: > From: Jason Gunthorpe <jgg@xxxxxxxxxxxx> > > This variable isn't read and written to with proper locking, so it is > racy. Instead of using an unlocked bool use presence in the mc->list ie > the caller could race rdma_join_multicast with rdma_leave_multicast which > would leak a mc join and cause a use after free of mc. > > Instead, do not add the mc to the list until it has completed > initialization, all mcs on the list require leaving. > > Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx> > Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx> > --- > drivers/infiniband/core/cma.c | 53 +++++++++++++++++++------------------------ > 1 file changed, 23 insertions(+), 30 deletions(-) This has been on the list in another thread for a while now so, applied to for-next Jason -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
