Re: [patch] IB/core: off by one in error handling
On 08/18/2015 05:23 AM, Dan Carpenter wrote:
> This is a zero offset array. The current code could try to free random
> memory and crash. Also it leaks the first element.
>
> Fixes: 230145ff8124 ('IB/core: Add RoCE GID table management')
> Signed-off-by: Dan Carpenter
This one, however, was not needed after Matan's fixup series was applied.
> diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c
> index a9d5c70..f5d14a7 100644
> --- a/drivers/infiniband/core/cache.c
> +++ b/drivers/infiniband/core/cache.c
> @@ -582,7 +582,7 @@ static int _gid_table_setup_one(struct ib_device *ib_dev)
> return 0;
>
> rollback_table_setup:
> - for (port = 1; port <= ib_dev->phys_port_cnt; port++)
> + for (port = 0; port < ib_dev->phys_port_cnt; port++)
> free_gid_table(ib_dev, port, table[port]);
>
> kfree(table);
>
--
Doug Ledford
GPG KeyID: 0E572FDD
signature.asc
Description: OpenPGP digital signature
Re: [patch] IB/core: off by one in error handling
On 08/28/2015 09:18 PM, ira.weiny wrote:
On Tue, Aug 18, 2015 at 12:23:17PM +0300, Dan Carpenter wrote:
This is a zero offset array. The current code could try to free random
memory and crash. Also it leaks the first element.
Fixes: 230145ff8124 ('IB/core: Add RoCE GID table management')
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
I don't actually see this in Dougs to-be-rebased/for-4.3 tree.
Looks like Doug picked up a different version of the patch in the latest
rebase.
annotating cache.c I see a different change from Matan in commit
76680c1cfc5ab
+rollback_table_setup:
+ for (port = 0; port ib_dev-phys_port_cnt; port++) {
+ cleanup_gid_table_port(ib_dev, port + rdma_start_port(ib_dev),
+ table[port]);
+ release_gid_table(table[port]);
+ }
Ira
Correct, so I dropped this patch.
diff --git a/drivers/infiniband/core/cache.c
b/drivers/infiniband/core/cache.c
index a9d5c70..f5d14a7 100644
--- a/drivers/infiniband/core/cache.c
+++ b/drivers/infiniband/core/cache.c
@@ -582,7 +582,7 @@ static int _gid_table_setup_one(struct ib_device *ib_dev)
return 0;
rollback_table_setup:
-for (port = 1; port = ib_dev-phys_port_cnt; port++)
+for (port = 0; port ib_dev-phys_port_cnt; port++)
free_gid_table(ib_dev, port, table[port]);
kfree(table);
--
To unsubscribe from this list: send the line unsubscribe linux-rdma in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Doug Ledford dledf...@redhat.com
GPG KeyID: 0E572FDD
signature.asc
Description: OpenPGP digital signature
Re: [patch] IB/core: off by one in error handling
On Tue, Aug 18, 2015 at 12:23:17PM +0300, Dan Carpenter wrote:
This is a zero offset array. The current code could try to free random
memory and crash. Also it leaks the first element.
Fixes: 230145ff8124 ('IB/core: Add RoCE GID table management')
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
I don't actually see this in Dougs to-be-rebased/for-4.3 tree.
Looks like Doug picked up a different version of the patch in the latest
rebase.
annotating cache.c I see a different change from Matan in commit
76680c1cfc5ab
+rollback_table_setup:
+ for (port = 0; port ib_dev-phys_port_cnt; port++) {
+ cleanup_gid_table_port(ib_dev, port + rdma_start_port(ib_dev),
+ table[port]);
+ release_gid_table(table[port]);
+ }
Ira
diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c
index a9d5c70..f5d14a7 100644
--- a/drivers/infiniband/core/cache.c
+++ b/drivers/infiniband/core/cache.c
@@ -582,7 +582,7 @@ static int _gid_table_setup_one(struct ib_device *ib_dev)
return 0;
rollback_table_setup:
- for (port = 1; port = ib_dev-phys_port_cnt; port++)
+ for (port = 0; port ib_dev-phys_port_cnt; port++)
free_gid_table(ib_dev, port, table[port]);
kfree(table);
--
To unsubscribe from this list: send the line unsubscribe linux-rdma in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch] IB/core: off by one in error handling
This is a zero offset array. The current code could try to free random
memory and crash. Also it leaks the first element.
Fixes: 230145ff8124 ('IB/core: Add RoCE GID table management')
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c
index a9d5c70..f5d14a7 100644
--- a/drivers/infiniband/core/cache.c
+++ b/drivers/infiniband/core/cache.c
@@ -582,7 +582,7 @@ static int _gid_table_setup_one(struct ib_device *ib_dev)
return 0;
rollback_table_setup:
- for (port = 1; port = ib_dev-phys_port_cnt; port++)
+ for (port = 0; port ib_dev-phys_port_cnt; port++)
free_gid_table(ib_dev, port, table[port]);
kfree(table);
--
To unsubscribe from this list: send the line unsubscribe linux-rdma in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
