lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Tue, 1 Sep 2015 09:58:41 -0500
From:	"Steve Wise" <swise@...ngridcomputing.com>
To:	"'Nicholas Krause'" <xerofoify@...il.com>, <swise@...lsio.com>
Cc:	<dledford@...hat.com>, <sean.hefty@...el.com>,
	<hal.rosenstock@...il.com>, <linux-rdma@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] infiniband:cxgb4:Fix incorrect return statement in the function c4iw_destroy_cq



> -----Original Message-----
> From: Nicholas Krause [mailto:xerofoify@...il.com]
> Sent: Sunday, August 30, 2015 3:12 PM
> To: swise@...lsio.com
> Cc: dledford@...hat.com; sean.hefty@...el.com; hal.rosenstock@...il.com; linux-rdma@...r.kernel.org; linux-kernel@...r.kernel.org
> Subject: [PATCH] infiniband:cxgb4:Fix incorrect return statement in the function c4iw_destroy_cq
> 
> This fixes the incorrect return statement at the end of the function
> c4iw_destroy_cq's body that returns zero to instead correctly return
> the return value of the call to the function destroy_cq as all callers
> of c4iw_destroy_cq should be signaled when this call fails in order
> for them to handle it in their own intended error paths.
> 
> Signed-off-by: Nicholas Krause <xerofoify@...il.com>
> ---
>  drivers/infiniband/hw/cxgb4/cq.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/infiniband/hw/cxgb4/cq.c b/drivers/infiniband/hw/cxgb4/cq.c
> index 92d5183..4f7af20 100644
> --- a/drivers/infiniband/hw/cxgb4/cq.c
> +++ b/drivers/infiniband/hw/cxgb4/cq.c
> @@ -848,6 +848,7 @@ int c4iw_destroy_cq(struct ib_cq *ib_cq)
>  {
>  	struct c4iw_cq *chp;
>  	struct c4iw_ucontext *ucontext;
> +	int ret;
> 
>  	PDBG("%s ib_cq %p\n", __func__, ib_cq);
>  	chp = to_c4iw_cq(ib_cq);
> @@ -858,10 +859,10 @@ int c4iw_destroy_cq(struct ib_cq *ib_cq)
> 
>  	ucontext = ib_cq->uobject ? to_c4iw_ucontext(ib_cq->uobject->context)
>  				  : NULL;
> -	destroy_cq(&chp->rhp->rdev, &chp->cq,
> -		   ucontext ? &ucontext->uctx : &chp->cq.rdev->uctx);
> +	ret = destroy_cq(&chp->rhp->rdev, &chp->cq,
> +			 ucontext ? &ucontext->uctx : &chp->cq.rdev->uctx);
>  	kfree(chp);
> -	return 0;
> +	return ret;
>  }


The SW CQ is destroyed regardless of any errors returned by destroy_cq().  So c4iw_destroy_cq() shouldn't return non-zero since it
is freeing the CQ memory.   I think the correct change here is to only kfree(chp) if destroy_cq() returns 0.

Steve.


> 
>  struct ib_cq *c4iw_create_cq(struct ib_device *ibdev,
> --
> 2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ