On Tue, May 21, 2019 at 05:55:22PM +0000, Jason Gunthorpe wrote:
> The core code should not pass a udata to the driver destroy function that
> contains the input from the create command. Otherwise the driver will
> attempt to interpret the create udata as destroy udata, and at least
> in the case of EFA, will leak resources.
>
> Zero this stuff out before invoking destroy.
>
> Reported-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> Fixes: c4367a26357b ("IB: Pass uverbs_attr_bundle down ib_x destroy path")
> Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
> Reviewed-by: Gal Pressman <galpress@xxxxxxxxxx>
> ---
> drivers/infiniband/core/rdma_core.h | 2 ++
> drivers/infiniband/core/uverbs_cmd.c | 21 ++++++++++++++-----
> drivers/infiniband/core/uverbs_std_types_mr.c | 2 +-
> 3 files changed, 19 insertions(+), 6 deletions(-)
>
> Fix for that thing Leon and Gal were talking about.
Applied to for-next
Jason
