projects / GitHub / LineageOS / android_kernel_samsung_universal7580.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e1d50dc)
IB/mad: Fix kernel crash when .process_mad() returns SUCCESS|CONSUMED
authorDave Olson <dave.olson@qlogic.com>
Fri, 23 May 2008 17:52:59 +0000 (10:52 -0700)
committerRoland Dreier <rolandd@cisco.com>
Fri, 23 May 2008 17:52:59 +0000 (10:52 -0700)
If a low-level driver returns IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_CONSUMED,
handle_outgoing_dr_smp() doesn't clean up properly.  The fix is to
kfree the local data and break, rather than falling through.  This was
observed with the ipath driver, but could happen with any driver.

This fixes <https://bugs.openfabrics.org/show_bug.cgi?id=1027>.

Signed-off-by: Dave Olson <dave.olson@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
drivers/infiniband/core/mad.c patch | blob | blame | history

diff --git a/drivers/infiniband/core/mad.c b/drivers/infiniband/core/mad.c
index fbe16d5250a49bf587864234203aed6b43dbd494..1adf2efd3cb392b84800241ccca3fbc4d1ffb4ac 100644 (file)
--- a/drivers/infiniband/core/mad.c
+++ b/drivers/infiniband/core/mad.c
@@ -747,7 +747,9 @@ static int handle_outgoing_dr_smp(struct ib_mad_agent_private *mad_agent_priv,
                break;
        case IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_CONSUMED:
                kmem_cache_free(ib_mad_cache, mad_priv);
-               break;
+               kfree(local);
+               ret = 1;
+               goto out;
        case IB_MAD_RESULT_SUCCESS:
                /* Treat like an incoming receive MAD */
                port_priv = ib_get_mad_port(mad_agent_priv->agent.device,