| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Feb 2008 02:58:48 +0200
From: Adrian Bunk <bunk@...nel.org>
To: flatif@...effect.com, gstreiff@...effect.com
Cc: general@...ts.openfabrics.org, linux-kernel@...r.kernel.org
Subject: infiniband/hw/nes/nes_cm.c: use-after-free
Spotted by the Coverity checker.
<-- snip -->
...
static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core,
struct nes_cm_listener *listener, int free_hanging_nodes)
{
int ret = 1;
unsigned long flags;
spin_lock_irqsave(&cm_core->listen_list_lock, flags);
if (!atomic_dec_return(&listener->ref_count)) {
list_del(&listener->list);
/* decrement our listen node count */
atomic_dec(&cm_core->listen_node_cnt);
spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
if (listener->nesvnic) {
nes_manage_apbvt(listener->nesvnic, listener->loc_port,
PCI_FUNC(listener->nesvnic->nesdev->pcidev->devfn), NES_MANAGE_APBVT_DEL);
}
nes_debug(NES_DBG_CM, "destroying listener (%p)\n", listener);
kfree(listener); <----------------------------------
ret = 0;
cm_listens_destroyed++;
} else {
spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
}
if (listener) {
if (atomic_read(&listener->pend_accepts_cnt) > 0)
... ^^^^^^^^^^^^^^^^^^^^^^^^^^
<-- snip -->
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists