diff options
| author | Cheng Xu <chengyou@linux.alibaba.com> | 2025-03-06 20:04:40 +0800 |
|---|---|---|
| committer | Leon Romanovsky <leon@kernel.org> | 2025-03-06 08:25:38 -0500 |
| commit | 83437689249e6a17b25e27712fbee292e42e7855 (patch) | |
| tree | 925e1e465fc227896760e09b3c0b739a672f0867 | |
| parent | 0b27b0e4d43aff78f996abd2d60faa838e8e30b1 (diff) | |
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
After the erdma_cep_put(new_cep) being called, new_cep will be freed,
and the following dereference will cause a UAF problem. Fix this issue.
Fixes: 920d93eac8b9 ("RDMA/erdma: Add connection management (CM) support")
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Cheng Xu <chengyou@linux.alibaba.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
| -rw-r--r-- | drivers/infiniband/hw/erdma/erdma_cm.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/drivers/infiniband/hw/erdma/erdma_cm.c b/drivers/infiniband/hw/erdma/erdma_cm.c index 1b23c698ec25..e0acc185e719 100644 --- a/drivers/infiniband/hw/erdma/erdma_cm.c +++ b/drivers/infiniband/hw/erdma/erdma_cm.c @@ -709,7 +709,6 @@ error: erdma_cancel_mpatimer(new_cep); erdma_cep_put(new_cep); - new_cep->sock = NULL; } if (new_s) { |