From 17b38fb89055bf5df402980c9546a8b046552f2b Mon Sep 17 00:00:00 2001 From: Doron Tsur Date: Thu, 15 Oct 2015 15:01:02 +0300 Subject: [PATCH] IB/core: Fix memory corruption in ib_cache_gid_set_default_gid When ib_cache_gid_set_default_gid is called from several threads, updating the table could make find_gid fail, therefore a negative index will be retruned and an invalid table entry will be used. Locking find_gid as well fixes this problem. Fixes: 03db3a2d81e6 ('IB/core: Add RoCE GID table management') Signed-off-by: Doron Tsur Signed-off-by: Matan Barak Signed-off-by: Doug Ledford --- drivers/infiniband/core/cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c index 8f66c67ff0df..87471ef37198 100644 --- a/drivers/infiniband/core/cache.c +++ b/drivers/infiniband/core/cache.c @@ -508,12 +508,12 @@ void ib_cache_gid_set_default_gid(struct ib_device *ib_dev, u8 port, memset(&gid_attr, 0, sizeof(gid_attr)); gid_attr.ndev = ndev; + mutex_lock(&table->lock); ix = find_gid(table, NULL, NULL, true, GID_ATTR_FIND_MASK_DEFAULT); /* Coudn't find default GID location */ WARN_ON(ix < 0); - mutex_lock(&table->lock); if (!__ib_cache_gid_get(ib_dev, port, ix, ¤t_gid, ¤t_gid_attr) && mode == IB_CACHE_GID_DEFAULT_MODE_SET && -- 2.20.1