summaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorJack Morgenstein <jackm@dev.mellanox.co.il>2009-03-03 23:30:01 +0100
committerRoland Dreier <rolandd@cisco.com>2009-03-03 23:30:01 +0100
commit6b708b3dde0ab3a10a0eea7774c1d6482f32f587 (patch)
treefb3f7451940c0d9569bcc10810bbc993c3366535 /arch
parentMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rol... (diff)
downloadlinux-6b708b3dde0ab3a10a0eea7774c1d6482f32f587.tar.xz
linux-6b708b3dde0ab3a10a0eea7774c1d6482f32f587.zip
IB/sa_query: Fix AH leak due to update_sm_ah() race
Our testing uncovered a race condition in ib_sa_event(): spin_lock_irqsave(&port->ah_lock, flags); if (port->sm_ah) kref_put(&port->sm_ah->ref, free_sm_ah); port->sm_ah = NULL; spin_unlock_irqrestore(&port->ah_lock, flags); schedule_work(&sa_dev->port[event->element.port_num - sa_dev->start_port].update_task); If two events occur back-to-back (e.g., client-reregister and LID change), both may pass the spinlock-protected code above before the scheduled work updates the port->sm_ah handle. Then if the scheduled work ends up running twice, the second operation will then find a non-NULL port->sm_ah, and will simply overwrite it in update_sm_ah -- resulting in an AH leak. Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Diffstat (limited to 'arch')
0 files changed, 0 insertions, 0 deletions