On 5/6/2019 11:51 AM, Jason Gunthorpe wrote:
On Tue, Apr 16, 2019 at 03:13:10PM +0300, Leon Romanovsky wrote:From: Leon Romanovsky <leonro@xxxxxxxxxxxx> Prior to commit d345691471b4 ("RDMA: Handle AH allocations by IB/core"), AH destroy path is rdmavt returned -EBUSY warning to application and caused to potential leakage of kernel memory of AH structure. After that commit, the AH structure is always freed but such early return in driver code can potentially cause to use-after-free error. Add warning to catch such situation to help driver developers to fix AH release path. Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx> --- drivers/infiniband/sw/rdmavt/ah.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)Applied to for-next Denny, since you missed the merge window with the fix, please send a fixup next cycle. The WARN_ON will scare people who might be able to hit this buggy case.
Sounds reasonable to me. -Denny
