Re: Re: Re: [PATCH] infiniband/core: Fix a use after free in cm_work_handler

ca, linux-r...@vger.kernel.org, > > linux-kernel@vger.kernel.org > > 主题: Re: Re: [PATCH] infiniband/core: Fix a use after free in cm_work_handler > > > > On Thu, Mar 11, 2021 at 06:29:19PM +0800, lyl2...@mail.ustc.edu.cn wrote: > > > In the implementation of destory

Re: Re: Re: [PATCH] infiniband/core: Fix a use after free in cm_work_handler

> -原始邮件- > 发件人: "Leon Romanovsky" > 发送时间: 2021-03-11 19:05:03 (星期四) > 收件人: lyl2...@mail.ustc.edu.cn > 抄送: dledf...@redhat.com, j...@ziepe.ca, linux-r...@vger.kernel.org, > linux-kernel@vger.kernel.org > 主题: Re: Re: [PATCH] infiniband/core: Fix a us

Re: Re: [PATCH] infiniband/core: Fix a use after free in cm_work_handler

On Thu, Mar 11, 2021 at 06:29:19PM +0800, lyl2...@mail.ustc.edu.cn wrote: > In the implementation of destory_cm_id(), it restores cm_id_priv by > "cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);". > > And the last line of destory_cm_id() calls "(void)iwcm_deref_id(cm_id_priv);" > to f

Re: Re: [PATCH] infiniband/core: Fix a use after free in cm_work_handler

In the implementation of destory_cm_id(), it restores cm_id_priv by "cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);". And the last line of destory_cm_id() calls "(void)iwcm_deref_id(cm_id_priv);" to free the cm_id_priv. > -原始邮件- > 发件人: "Leon Romanovsky" > 发送时间: 2021-03-1