mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-03-09 12:09:31 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
116a1b9f1cb769b83e5adff323f977a62b1dcb2e
linux/drivers
History
Shay Drory 116a1b9f1c IB/mad: Fix use after free when destroying MAD agent 
Currently, when RMPP MADs are processed while the MAD agent is destroyed,
it could result in use after free of rmpp_recv, as decribed below:

	cpu-0						cpu-1
	-----						-----
ib_mad_recv_done()
 ib_mad_complete_recv()
  ib_process_rmpp_recv_wc()
						unregister_mad_agent()
						 ib_cancel_rmpp_recvs()
						  cancel_delayed_work()
   process_rmpp_data()
    start_rmpp()
     queue_delayed_work(rmpp_recv->cleanup_work)
						  destroy_rmpp_recv()
						   free_rmpp_recv()
     cleanup_work()[1]
      spin_lock_irqsave(&rmpp_recv->agent->lock) <-- use after free

[1] cleanup_work() == recv_cleanup_handler

Fix it by waiting for the MAD agent reference count becoming zero before
calling to ib_cancel_rmpp_recvs().

Fixes: 9a41e38a46 ("IB/mad: Use IDR for agent IDs")
Link: https://lore.kernel.org/r/20200621104738.54850-2-leon@kernel.org
Signed-off-by: Shay Drory <shayd@mellanox.com>
Reviewed-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2020-06-22 14:57:44 -03:00
..
accessibility
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
acpi
Merge tag 'libnvdimm-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2020-06-13 13:04:36 -07:00
amba
Merge tag 'arm-soc-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
2020-06-04 19:47:11 -07:00
android
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
ata
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
atm
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
auxdisplay
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
base
Merge tag 'linux-kselftest-kunit-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
2020-06-09 10:04:47 -07:00
bcma
block
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
bluetooth
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-06-03 16:27:18 -07:00
bus
Merge tag 'char-misc-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2020-06-07 10:59:32 -07:00
cdrom
Merge branch 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-06-10 16:05:54 -07:00
char
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
clk
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
clocksource
clocksource/drivers/timer-riscv: Use per-CPU timer interrupt
2020-06-09 19:11:22 -07:00
connector
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
counter
cpufreq
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
cpuidle
Merge tag 'thermal-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux
2020-06-12 14:10:21 -07:00
crypto
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-06-13 16:27:13 -07:00
dax
device-dax: add memory via add_memory_driver_managed()
2020-06-04 19:06:23 -07:00
dca
devfreq
PM / devfreq: Use lockdep asserts instead of manual checks for locked mutex
2020-05-28 18:02:40 +09:00
dio
dma
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
dma-buf
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
edac
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
eisa
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
extcon
extcon: arizona: Fix runtime PM imbalance on error
2020-05-29 17:36:02 +09:00
firewire
firmware
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
fpga
Merge tag 'char-misc-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2020-06-07 10:59:32 -07:00
fsi
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
gnss
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
gpio
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
gpu
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
greybus
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
hid
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
hsi
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
hv
Merge tag 'hyperv-next-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
2020-06-03 15:00:05 -07:00
hwmon
Merge branch 'x86/entry' into ras/core
2020-06-11 15:17:57 +02:00
hwspinlock
hwtracing
Merge tag 'char-misc-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2020-06-07 10:59:32 -07:00
i2c
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
i3c
ide
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
idle
iio
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
infiniband
IB/mad: Fix use after free when destroying MAD agent
2020-06-22 14:57:44 -03:00
input
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
interconnect
Merge tag 'pm-5.8-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2020-06-10 14:04:39 -07:00
iommu
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
ipack
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
irqchip
clocksource/drivers/timer-riscv: Use per-CPU timer interrupt
2020-06-09 19:11:22 -07:00
isdn
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
leds
Merge tag 'leds-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel/linux-leds
2020-06-04 11:03:45 -07:00
lightnvm
Merge tag 'for-5.8/block-2020-06-01' of git://git.kernel.dk/linux-block
2020-06-02 15:29:19 -07:00
macintosh
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
mailbox
mailbox: qcom: Add ipq6018 apcs compatible
2020-06-10 22:43:57 -05:00
mcb
md
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
media
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
memory
Merge branch 'baikal/drivers' into arm/drivers
2020-05-28 14:18:11 +02:00
memstick
message
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
mfd
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
misc
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
mmc
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
most
mtd
Merge tag 'for-linus-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
2020-06-10 13:24:40 -07:00
mux
net
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-06-13 16:27:13 -07:00
nfc
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
ntb
NTB: perf: Fix race condition when run with ntb_test
2020-06-05 20:02:09 -04:00
nubus
nvdimm
Merge tag 'libnvdimm-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2020-06-13 13:04:36 -07:00
nvme
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
nvmem
nvmem: qfprom: remove incorrect write support
2020-05-27 11:09:26 +02:00
of
Merge tag 'driver-core-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2020-06-07 10:53:36 -07:00
opp
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
oprofile
mmap locking API: convert mmap_sem comments
2020-06-09 09:39:14 -07:00
parisc
parport
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
pci
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
pcmcia
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
perf
Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
2020-06-11 12:53:23 -07:00
phy
pinctrl
Merge tag 'pinctrl-v5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
2020-06-07 16:13:43 -07:00
platform
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
pnp
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
power
Merge tag 'for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
2020-06-10 11:28:35 -07:00
powercap
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
pps
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
ps3
ptp
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
pwm
pwm: Add missing "CONFIG_" prefix
2020-06-04 19:09:28 +02:00
rapidio
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
ras
regulator
Merge remote-tracking branch 'regulator/for-5.8' into regulator-linus
2020-06-01 13:01:44 +01:00
remoteproc
Merge tag 'rproc-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc
2020-06-08 13:01:08 -07:00
reset
Merge tag 'char-misc-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2020-06-07 10:59:32 -07:00
rpmsg
Merge tag 'rproc-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc
2020-06-08 13:01:08 -07:00
rtc
Merge tag 'rtc-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux
2020-06-07 16:11:23 -07:00
s390
Merge tag 's390-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
2020-06-08 12:05:31 -07:00
sbus
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
scsi
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
sfi
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
sh
siox
slimbus
soc
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
soundwire
spi
Merge tag 'char-misc-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2020-06-07 10:59:32 -07:00
spmi
ssb
staging
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
target
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
tc
tee
mmap locking API: use coccinelle to convert mmap_sem rwsem call sites
2020-06-09 09:39:14 -07:00
thermal
Merge tag 'thermal-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux
2020-06-12 14:10:21 -07:00
thunderbolt
Merge tag 'usb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
2020-06-07 09:42:16 -07:00
tty
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
uio
usb
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
vdpa
ifcvf: implement config interrupt in IFCVF
2020-06-06 16:26:47 -04:00
vfio
kernel: better document the use_mm/unuse_mm API contract
2020-06-10 19:14:18 -07:00
vhost
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2020-06-13 13:29:16 -07:00
video
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
virt
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
virtio
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
visorbus
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
vlynq
vme
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
w1
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
watchdog
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
xen
Merge tag 'x86-entry-2020-06-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-06-13 10:05:47 -07:00
zorro
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
Kconfig
Makefile