Message ID | 20190509100358.114974-1-hare@suse.de (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Jason Gunthorpe |
Series | infiniband/core: zero out bind_list pointer in cma_release_port() |

On Thu, May 09, 2019 at 12:03:58PM +0200, Hannes Reinecke wrote:
> After calling kfree() on the bind_list we should be zeroing out
> the pointer, otherwise a second call to cma_release_port() will
> crash.

Why would there be two calls to cma_release_port? That is a bug.

Jason

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c index 68c997be2429..2a0010eddb33 100644 --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -1770,6 +1770,7 @@ static void cma_release_port(struct rdma_id_private *id_priv) if (hlist_empty(&bind_list->owners)) { cma_ps_remove(net, bind_list->ps, bind_list->port); kfree(bind_list); + id_priv->bind_list = NULL; } mutex_unlock(&lock); }
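
Review bot: The added `id_priv->bind_list = NULL;` sits inside the `if (hlist_empty(&bind_list->owners))` branch, so the pointer is cleared only when this call frees the bind_list; when other owners remain, `id_priv->bind_list` is left set and a second cma_release_port() call on the same id_priv is not covered by this change. If the goal is to make the function safe to call twice, clear the pointer outside the branch, before `mutex_unlock(&lock);`. The commit message should also name the call path that reaches cma_release_port() twice: the visible lines do not show whether the function accepts a NULL bind_list on entry, and clearing the pointer may hide a double release instead of fixing its caller.
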
After calling kfree() on the bind_list we should be zeroing out
the pointer, otherwise a second call to cma_release_port() will
crash.

Signed-off-by: Hannes Reinecke <hare@suse.com>
---
 drivers/infiniband/core/cma.c | 1 +
 1 file changed, 1 insertion(+)