ca, linux-r...@vger.kernel.org,
> > linux-kernel@vger.kernel.org
> > 主题: Re: Re: [PATCH] infiniband/core: Fix a use after free in cm_work_handler
> >
> > On Thu, Mar 11, 2021 at 06:29:19PM +0800, lyl2...@mail.ustc.edu.cn wrote:
> > > In the implementation of destory
> -原始邮件-
> 发件人: "Leon Romanovsky"
> 发送时间: 2021-03-11 19:05:03 (星期四)
> 收件人: lyl2...@mail.ustc.edu.cn
> 抄送: dledf...@redhat.com, j...@ziepe.ca, linux-r...@vger.kernel.org,
> linux-kernel@vger.kernel.org
> 主题: Re: Re: [PATCH] infiniband/core: Fix a us
;
> > -原始邮件-
> > 发件人: "Leon Romanovsky"
> > 发送时间: 2021-03-11 17:22:03 (星期四)
> > 收件人: "Lv Yunlong"
> > 抄送: dledf...@redhat.com, j...@ziepe.ca, linux-r...@vger.kernel.org,
> > linux-kernel@vger.kernel.org
> > 主题: Re: [PATCH] i
on Romanovsky"
> 发送时间: 2021-03-11 17:22:03 (星期四)
> 收件人: "Lv Yunlong"
> 抄送: dledf...@redhat.com, j...@ziepe.ca, linux-r...@vger.kernel.org,
> linux-kernel@vger.kernel.org
> 主题: Re: [PATCH] infiniband/core: Fix a use after free in cm_work_handler
>
>
On Wed, Mar 10, 2021 at 06:21:53PM -0800, Lv Yunlong wrote:
> In cm_work_handler, it calls destory_cm_id() to release
> the initial reference of cm_id_priv taken by iw_create_cm_id()
> and free the cm_id_priv. After destory_cm_id(), iwcm_deref_id
> (cm_id_priv) will be called and cause a use after
In cm_work_handler, it calls destory_cm_id() to release
the initial reference of cm_id_priv taken by iw_create_cm_id()
and free the cm_id_priv. After destory_cm_id(), iwcm_deref_id
(cm_id_priv) will be called and cause a use after free.
Fixes: 59c68ac31e15a ("iw_cm: free cm_id resources on the las
6 matches
Mail list logo
