kernel_samsung_a53x/drivers/infiniband/core
Bart Van Assche 659c3e9816 RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
commit aee2424246f9f1dadc33faa78990c1e2eb7826e4 upstream.

iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with
an existing struct iw_cm_id (cm_id) as follows:

        conn_id->cm_id.iw = cm_id;
        cm_id->context = conn_id;
        cm_id->cm_handler = cma_iw_handler;

rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make
sure that cm_work_handler() does not trigger a use-after-free by only
freeing the struct rdma_id_private after all pending work has finished.

Cc: stable@vger.kernel.org
Fixes: 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref")
Reviewed-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20240605145117.397751-6-bvanassche@acm.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-23 23:20:15 +01:00
addr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
agent.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
agent.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cache.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cgroup.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cm.c RDMA/cm: Print the old state when cm_destroy_id gets timeout 2024-11-19 11:32:21 +01:00
cm_msgs.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cm_trace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cm_trace.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cma.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cma_configfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cma_priv.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cma_trace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cma_trace.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
core_priv.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
counters.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cq.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
device.c RDMA/device: Return error earlier if port in not valid 2024-11-23 23:20:10 +01:00
ib_core_uverbs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iwcm.c RDMA/iwcm: Fix a use-after-free related to destroying CM IDs 2024-11-23 23:20:15 +01:00
iwcm.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iwpm_msg.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iwpm_util.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iwpm_util.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
lag.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mad.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mad_priv.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mad_rmpp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mad_rmpp.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mr_pool.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
multicast.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
netlink.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nldev.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
opa_smi.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
packer.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rdma_core.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rdma_core.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
restrack.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
restrack.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
roce_gid_mgmt.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rw.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sa.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sa_query.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
security.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
smi.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
smi.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sysfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
trace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ucma.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ud_header.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
umem.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
umem_odp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
user_mad.c IB/core: Implement a limit on UMAD receive List 2024-11-19 14:19:40 +01:00
uverbs.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_cmd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_ioctl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_main.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_marshall.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_async_fd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_counters.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_cq.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_device.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_dm.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_flow_action.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_mr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_qp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_srq.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_std_types_wq.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uverbs_uapi.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
verbs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00