mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/drivers/infiniband
History
Leon Romanovsky f0abc761bb RDMA/core: Fix race between destroy and release FD object 
The call to ->lookup_put() was too early and it caused an unlock of the
read/write protection of the uobject after the FD was put. This allows a
race:

     CPU1                                 CPU2
 rdma_lookup_put_uobject()
   lookup_put_fd_uobject()
     fput()
				   fput()
				     uverbs_uobject_fd_release()
				       WARN_ON(uverbs_try_lock_object(uobj,
					       UVERBS_LOOKUP_WRITE));
   atomic_dec(usecnt)

Fix the code by changing the order, first unlock and call to
->lookup_put() after that.

Fixes: 3832125624 ("IB/core: Add support for idr types")
Link: https://lore.kernel.org/r/20200423060122.6182-1-leon@kernel.org
Suggested-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
 		2020-04-24 15:40:41 -03:00
..
core RDMA/core: Fix race between destroy and release FD object 2020-04-24 15:40:41 -03:00
hw RDMA/mlx5: Set GRH fields in query QP on RoCE 2020-04-22 15:43:46 -03:00
sw IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() 2020-04-24 15:31:26 -03:00
ulp RDMA 5.7 pull request 2020-04-01 18:18:18 -07:00
Kconfig RDMA/iw_cxgb3: Remove the iw_cxgb3 module from kernel 2019-10-04 15:08:59 -03:00
Makefile