Move the release operation after error log to avoid possible use after
free.
Signed-off-by: Pan Bian <[email protected]>
---
drivers/infiniband/hw/qedr/qedr_iw_cm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/qedr/qedr_iw_cm.c b/drivers/infiniband/hw/qedr/qedr_iw_cm.c
index 22881d4442b9..eedc32b72ff2 100644
--- a/drivers/infiniband/hw/qedr/qedr_iw_cm.c
+++ b/drivers/infiniband/hw/qedr/qedr_iw_cm.c
@@ -451,10 +451,10 @@ qedr_addr6_resolve(struct qedr_dev *dev,
if ((!dst) || dst->error) {
if (dst) {
- dst_release(dst);
DP_ERR(dev,
"ip6_route_output returned dst->error = %d\n",
dst->error);
+ dst_release(dst);
}
return -EINVAL;
}
--
2.7.4
> From: Pan Bian <[email protected]>
> Sent: Wednesday, November 6, 2019 8:24 AM
>
> External Email
>
> ----------------------------------------------------------------------
> Move the release operation after error log to avoid possible use after free.
>
> Signed-off-by: Pan Bian <[email protected]>
> ---
> drivers/infiniband/hw/qedr/qedr_iw_cm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/infiniband/hw/qedr/qedr_iw_cm.c
> b/drivers/infiniband/hw/qedr/qedr_iw_cm.c
> index 22881d4442b9..eedc32b72ff2 100644
> --- a/drivers/infiniband/hw/qedr/qedr_iw_cm.c
> +++ b/drivers/infiniband/hw/qedr/qedr_iw_cm.c
> @@ -451,10 +451,10 @@ qedr_addr6_resolve(struct qedr_dev *dev,
>
> if ((!dst) || dst->error) {
> if (dst) {
> - dst_release(dst);
> DP_ERR(dev,
> "ip6_route_output returned dst->error = %d\n",
> dst->error);
> + dst_release(dst);
> }
> return -EINVAL;
> }
> --
> 2.7.4
Thanks,?
Acked-by: Michal Kalderon?<[email protected]>
On Wed, Nov 06, 2019 at 02:23:54PM +0800, Pan Bian wrote:
> Move the release operation after error log to avoid possible use after
> free.
>
> Signed-off-by: Pan Bian <[email protected]>
> ---
> drivers/infiniband/hw/qedr/qedr_iw_cm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied to for-next, thanks
Jason