IB/cma: Fix reference count leak when no ipv4 addresses are set
authorKalderon, Michal <Michal.Kalderon@cavium.com>
Thu, 6 Jul 2017 20:22:11 +0000 (23:22 +0300)
committerDoug Ledford <dledford@redhat.com>
Thu, 20 Jul 2017 15:24:13 +0000 (11:24 -0400)
Once in_dev_get is called to receive in_device pointer, the
in_device reference counter is increased, but if there are
no ipv4 addresses configured on the net-device the ifa_list
will be null, resulting in a flow that doesn't call in_dev_put
to decrease the ref_cnt.
This was exposed when running RoCE over ipv6 without any ipv4
addresses configured

Fixes: commit 8e3867310c90 ("IB/cma: Fix a race condition in iboe_addr_get_sgid()")

Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
include/rdma/ib_addr.h

index 4b34c51f859e89406802d9b5b8c3644c81861629..b73a14edc85e3570e2394fbad23234f689f3a956 100644 (file)
@@ -205,11 +205,13 @@ static inline void iboe_addr_get_sgid(struct rdma_dev_addr *dev_addr,
        dev = dev_get_by_index(&init_net, dev_addr->bound_dev_if);
        if (dev) {
                ip4 = in_dev_get(dev);
-               if (ip4 && ip4->ifa_list && ip4->ifa_list->ifa_address) {
+               if (ip4 && ip4->ifa_list && ip4->ifa_list->ifa_address)
                        ipv6_addr_set_v4mapped(ip4->ifa_list->ifa_address,
                                               (struct in6_addr *)gid);
+
+               if (ip4)
                        in_dev_put(ip4);
-               }
+
                dev_put(dev);
        }
 }