lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20210326172644.GB874948@nvidia.com>
Date:   Fri, 26 Mar 2021 14:26:44 -0300
From:   Jason Gunthorpe <jgg@...dia.com>
To:     Lv Yunlong <lyl2019@...l.ustc.edu.cn>
Cc:     sagi@...mberg.me, dledford@...hat.com, linux-rdma@...r.kernel.org,
        target-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] infiniband: Fix a use after free in
 isert_connect_request

On Mon, Mar 22, 2021 at 09:13:25AM -0700, Lv Yunlong wrote:
> The device is got by isert_device_get() with refcount is 1,
> and is assigned to isert_conn by isert_conn->device = device.
> When isert_create_qp() failed, device will be freed with
> isert_device_put().
> 
> Later, the device is used in isert_free_login_buf(isert_conn)
> by the isert_conn->device->ib_device statement. This patch
> free the device in the correct order.
> 
> Signed-off-by: Lv Yunlong <lyl2019@...l.ustc.edu.cn>
> Acked-by: Sagi Grimberg <sagi@...mberg.me>
> Reviewed-by: Leon Romanovsky <leonro@...dia.com>
> Reviewed-by: Max Gurtovoy <mgurtovoy@...dia.com>
>  drivers/infiniband/ulp/isert/ib_isert.c | 16 ++++++++--------
>  1 file changed, 8 insertions(+), 8 deletions(-)

Applied to for-next, I added

    Fixes: ae9ea9ed38c9 ("iser-target: Split some logic in isert_connect_request to routines")

Please ensure you add fixes lines when you send bug fixes.

Thanks,
Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ