xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1d9bc6d648ece77ffb41c5a577eab81fac5ad4de
android_kernel_xiaomi_sm8450/drivers/infiniband/core
History
Ralph Campbell 1d9bc6d648 IB/mad: Fix null pointer dereference in local_completions() 
handle_outgoing_dr_smp() can queue a struct ib_mad_local_private
*local on the mad_agent_priv->local_work work queue with
local->mad_priv == NULL if device->process_mad() returns
IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_REPLY and
(!ib_response_mad(&mad_priv->mad.mad) ||
!mad_agent_priv->agent.recv_handler).

In this case, local_completions() will be called with local->mad_priv
== NULL. The code does check for this case and skips calling
recv_mad_agent->agent.recv_handler() but recv == 0 so
kmem_cache_free() is called with a NULL pointer.

Also, since recv isn't reinitialized each time through the loop, it
can cause a memory leak if recv should have been zero.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
2009-02-27 10:34:30 -08:00
..
addr.c
RDMA/addr: Fix build breakage when IPv6 is disabled
2008-12-29 23:37:14 -08:00
agent.c
IB/mad: agent_send_response() should be void
2007-08-03 10:45:17 -07:00
agent.h
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
cache.c
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
cm_msgs.h
IB/cm: cm_msgs.h should include ib_cm.h
2007-07-10 21:50:53 -07:00
cm.c
x86: sysfs: kill owner field from attribute
2008-10-20 08:52:42 -07:00
cma.c
RDMA/cma: Add IPv6 support
2008-12-24 10:16:45 -08:00
core_priv.h
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
device.c
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
fmr_pool.c
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
iwcm.c
RDMA/iwcm: Remove IB_ACCESS_LOCAL_WRITE from remote QP attributes
2008-07-22 14:18:34 -07:00
iwcm.h
RDMA: iWARP Connection Manager.
2006-09-22 15:22:46 -07:00
mad_priv.h
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
mad_rmpp.c
IB/mad: Test ib_create_send_mad() return with IS_ERR(), not == NULL
2008-08-07 14:11:56 -07:00
mad_rmpp.h
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
mad.c
IB/mad: Fix null pointer dereference in local_completions()
2009-02-27 10:34:30 -08:00
Makefile
IB/uverbs: Export ib_umem_get()/ib_umem_release() to modules
2007-05-08 18:00:37 -07:00
multicast.c
IB/multicast: Report errors on multicast groups if P_key changes
2008-01-25 14:15:29 -08:00
packer.c
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
sa_query.c
IB/sa_query: Check if sm_ah is NULL in ib_sa_remove_one()
2008-07-22 14:18:33 -07:00
sa.h
IB: Remove garbage non-ASCII characters from comments
2007-07-09 16:17:32 -07:00
smi.c
IB/mad: Enhance SMI for switch support
2007-07-09 16:17:32 -07:00
smi.h
IB/mad: Enable loopback of DR SMP responses from userspace
2008-01-25 14:15:25 -08:00
sysfs.c
infiniband: struct device - replace bus_id with dev_name(), dev_set_name()
2009-01-06 10:44:39 -08:00
ucm.c
infiniband: struct device - replace bus_id with dev_name(), dev_set_name()
2009-01-06 10:44:39 -08:00
ucma.c
RDMA/ucma: Test ucma_alloc_multicast() return against NULL, not with IS_ERR()
2008-10-10 12:00:19 -07:00
ud_header.c
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
umem.c
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
user_mad.c
device create: infiniband: convert device_create_drvdata to device_create
2008-10-16 09:24:42 -07:00
uverbs_cmd.c
RDMA/core: Add memory management extensions support
2008-07-14 23:48:45 -07:00
uverbs_main.c
saner FASYNC handling on file close
2008-11-01 09:49:46 -07:00
uverbs_marshall.c
RDMA/cma: Export rdma cm interface to userspace
2006-12-12 11:50:22 -08:00
uverbs.h
RDMA: Remove subversion $Id tags
2008-07-14 23:48:44 -07:00
verbs.c
IB/core: Reset to error QP state transition is not allowed
2008-07-14 23:48:46 -07:00