On Mon, Aug 13, 2018 at 04:56:11PM +0300, Shamir Rabinovitch wrote:
> On Thu, Aug 09, 2018 at 08:14:40PM -0600, Jason Gunthorpe wrote:
> > From: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
> >
> > This is similar in spirit to devm, it keeps track of any allocations
> > linked to this method call and ensures they are all freed when the method
> > exits. Further, if there is space in the internal/onstack buffer then the
> > allocator will hand out that memory and avoid an expensive call to
> > kalloc/kfree in the syscall path.
> >
> > Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
> > Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
>
> [...]
>
> >
> > -#define UVERBS_OPTIMIZE_USING_STACK_SZ 256
> > +static void bundle_destroy(struct bundle_priv *pbundle)
> > +{
> > + struct bundle_alloc_head *memblock;
> > +
> > + for (memblock = pbundle->allocated_mem; memblock;
> > + memblock = memblock->next)
> > + kvfree(memblock);
>
> Use after free? Have I missed something?

Uh... This is a rebasing error :\

A later patch revises it to be:

	for (memblock = pbundle->allocated_mem; memblock;) {
		struct bundle_alloc_head *tmp = memblock;

		memblock = memblock->next;
		kvfree(tmp);
	}

Which was supposed to be in this patch.

Since it is applied but not yet for-next, I will revise the placement
of the hunks..

Jason
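
Review bot: in bundle_destroy(), the for loop's step expression "memblock = memblock->next" is evaluated after kvfree(memblock) has already released that block, so every iteration reads the list link out of freed memory. Copy the next pointer into a local before calling kvfree() and advance from that local, so that no field of a block is touched once it has been handed back to the allocator.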
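
The tracking scheme the commit message describes, as a userspace model added here (not code from the patch or the kernel): requests are served from a fixed internal buffer while it has room and otherwise become tracked heap blocks, which the destroy step frees by reading each link before releasing its block. `malloc`/`free` stand in for the kernel allocator, and the struct names, field names and `bundle_alloc` are hypothetical.

```c
/* Userspace model: malloc/free stand in for kvmalloc/kvfree; every name
 * below is hypothetical and none of this is the uverbs code. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
struct alloc_head {                  /* header in front of each heap block */
	_Alignas(max_align_t) struct alloc_head *next;
};
struct bundle {
	struct alloc_head *allocated;    /* heap blocks owned by this call */
	size_t internal_used;
	_Alignas(max_align_t) unsigned char internal[256];
};

/* Serve from the on-stack buffer while it has room, otherwise from the heap. */
void *bundle_alloc(struct bundle *b, size_t len)
{
	size_t a = _Alignof(max_align_t), need = (len + a - 1) & ~(a - 1);
	struct alloc_head *h;
	if (need < len || need > SIZE_MAX - sizeof(*h))  /* size math wrapped */
		return NULL;
	if (need <= sizeof(b->internal) - b->internal_used) {
		void *p = b->internal + b->internal_used;
		b->internal_used += need;
		return p;
	}
	h = malloc(sizeof(*h) + need);
	if (!h)
		return NULL;
	h->next = b->allocated;          /* track it so destroy can find it */
	b->allocated = h;
	return h + 1;
}

/* Free every tracked block; returns how many heap blocks were released. */
size_t bundle_destroy(struct bundle *b)
{
	size_t freed = 0;
	while (b->allocated) {
		struct alloc_head *next = b->allocated->next; /* read before free */
		free(b->allocated);
		b->allocated = next;
		freed++;
	}
	return freed;
}

int main(void) {
	struct bundle b = {0};
	return !(bundle_alloc(&b, 4096) && bundle_destroy(&b) == 1);
}
```

Building the model with AddressSanitizer (`-fsanitize=address`) and moving the `next` read below `free()` reproduces the report the reviewer's question points at.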