* [2.6 patch] drivers/infiniband/core/mad.c: fix a NULL pointer dereference
@ 2005-11-23 22:34 Adrian Bunk
0 siblings, 0 replies; 8+ messages in thread
From: Adrian Bunk @ 2005-11-23 22:34 UTC (permalink / raw)
To: Linus Torvalds, Andrew Morton
Cc: rolandd, mshefty, halr, openib-general, linux-kernel
The Coverity checker spotted this obvious NULL pointer dereference
caused by a wrong order of the cleanups.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
This patch was already sent on:
- 21 Nov 2005
--- linux-2.6.15-rc1-mm2-full/drivers/infiniband/core/mad.c.old 2005-11-20 22:04:36.000000000 +0100
+++ linux-2.6.15-rc1-mm2-full/drivers/infiniband/core/mad.c 2005-11-20 22:05:17.000000000 +0100
@@ -355,9 +355,9 @@
spin_unlock_irqrestore(&port_priv->reg_lock, flags);
kfree(reg_req);
error3:
- kfree(mad_agent_priv);
-error2:
ib_dereg_mr(mad_agent_priv->agent.mr);
+error2:
+ kfree(mad_agent_priv);
error1:
return ret;
}
^ permalink raw reply [flat|nested] 8+ messages in thread
* [2.6 patch] drivers/infiniband/core/mad.c: fix a NULL pointer dereference
@ 2005-11-26 23:37 Adrian Bunk
2005-11-27 23:51 ` Roland Dreier
0 siblings, 1 reply; 8+ messages in thread
From: Adrian Bunk @ 2005-11-26 23:37 UTC (permalink / raw)
To: Linus Torvalds, Andrew Morton
Cc: rolandd, mshefty, halr, openib-general, linux-kernel
The Coverity checker spotted this obvious NULL pointer dereference
caused by a wrong order of the cleanups.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
This patch was already sent on:
- 23 Nov 2005
- 21 Nov 2005
--- linux-2.6.15-rc1-mm2-full/drivers/infiniband/core/mad.c.old 2005-11-20 22:04:36.000000000 +0100
+++ linux-2.6.15-rc1-mm2-full/drivers/infiniband/core/mad.c 2005-11-20 22:05:17.000000000 +0100
@@ -355,9 +355,9 @@
spin_unlock_irqrestore(&port_priv->reg_lock, flags);
kfree(reg_req);
error3:
- kfree(mad_agent_priv);
-error2:
ib_dereg_mr(mad_agent_priv->agent.mr);
+error2:
+ kfree(mad_agent_priv);
error1:
return ret;
}
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [2.6 patch] drivers/infiniband/core/mad.c: fix a NULL pointer dereference
2005-11-26 23:37 Adrian Bunk
@ 2005-11-27 23:51 ` Roland Dreier
2005-11-28 0:25 ` Adrian Bunk
0 siblings, 1 reply; 8+ messages in thread
From: Roland Dreier @ 2005-11-27 23:51 UTC (permalink / raw)
To: Adrian Bunk
Cc: Linus Torvalds, Andrew Morton, rolandd, mshefty, halr,
openib-general, linux-kernel
Thanks, I already have this in my git tree of pending changes
(I found it by actually hitting the crash it causes with CONFIG_DEBUG_SLAB=y).
- R.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [2.6 patch] drivers/infiniband/core/mad.c: fix a NULL pointer dereference
2005-11-27 23:51 ` Roland Dreier
@ 2005-11-28 0:25 ` Adrian Bunk
2005-11-28 17:59 ` Roland Dreier
0 siblings, 1 reply; 8+ messages in thread
From: Adrian Bunk @ 2005-11-28 0:25 UTC (permalink / raw)
To: Roland Dreier
Cc: Linus Torvalds, Andrew Morton, mshefty, halr, openib-general,
linux-kernel
On Sun, Nov 27, 2005 at 03:51:41PM -0800, Roland Dreier wrote:
> Thanks, I already have this in my git tree of pending changes
> (I found it by actually hitting the crash it causes with CONFIG_DEBUG_SLAB=y).
Can you Cc me when forwarding it to Linus?
After it's in Linus' tree, Greg will accept it for the 2.6.14 stable
tree.
> - R.
TIA
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [2.6 patch] drivers/infiniband/core/mad.c: fix a NULL pointer dereference
2005-11-28 0:25 ` Adrian Bunk
@ 2005-11-28 17:59 ` Roland Dreier
2005-11-29 12:30 ` Adrian Bunk
0 siblings, 1 reply; 8+ messages in thread
From: Roland Dreier @ 2005-11-28 17:59 UTC (permalink / raw)
To: Adrian Bunk
Cc: Linus Torvalds, Andrew Morton, mshefty, halr, openib-general,
linux-kernel
Adrian> Can you Cc me when forwarding it to Linus?
Looks like it went into Linus's tree directly from you (which is fine).
Adrian> After it's in Linus' tree, Greg will accept it for the
Adrian> 2.6.14 stable tree.
Is this really important enough for the stable tree?
- R.
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [2.6 patch] drivers/infiniband/core/mad.c: fix a NULL pointer dereference
2005-11-28 17:59 ` Roland Dreier
@ 2005-11-29 12:30 ` Adrian Bunk
2005-11-29 17:07 ` Roland Dreier
0 siblings, 1 reply; 8+ messages in thread
From: Adrian Bunk @ 2005-11-29 12:30 UTC (permalink / raw)
To: Roland Dreier
Cc: Linus Torvalds, Andrew Morton, mshefty, halr, openib-general,
linux-kernel
On Mon, Nov 28, 2005 at 09:59:17AM -0800, Roland Dreier wrote:
> Adrian> Can you Cc me when forwarding it to Linus?
>
> Looks like it went into Linus's tree directly from you (which is fine).
It went through Andrew.
> Adrian> After it's in Linus' tree, Greg will accept it for the
> Adrian> 2.6.14 stable tree.
>
> Is this really important enough for the stable tree?
You said it fixed a crash for you.
Besides this, it's a small and easy to verify change.
> - R.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [2.6 patch] drivers/infiniband/core/mad.c: fix a NULL pointer dereference
2005-11-29 12:30 ` Adrian Bunk
@ 2005-11-29 17:07 ` Roland Dreier
0 siblings, 0 replies; 8+ messages in thread
From: Roland Dreier @ 2005-11-29 17:07 UTC (permalink / raw)
To: Adrian Bunk
Cc: Linus Torvalds, Andrew Morton, mshefty, halr, openib-general,
linux-kernel
Roland> Is this really important enough for the stable tree?
Adrian> You said it fixed a crash for you.
To trigger the patch, you have to hit the error path, which in
practical terms requires buggy code calling into the function. And
you also have to either be running with CONFIG_DEBUG_SLAB=y or be
extremely unlucky. So I don't think anyone who's not developing IB
driver code could ever hit the crash, and any developers are going to
be running the latest tree anyway.
Adrian> Besides this, it's a small and easy to verify change.
Sure, I don't mind it going into the stable tree. I'm just not sure
it's worth spending everyone's time on it.
- R.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [2.6 patch] drivers/infiniband/core/mad.c: fix a NULL pointer dereference
@ 2005-11-20 23:14 Adrian Bunk
0 siblings, 0 replies; 8+ messages in thread
From: Adrian Bunk @ 2005-11-20 23:14 UTC (permalink / raw)
To: rolandd, mshefty, halr; +Cc: openib-general, linux-kernel, stable
The Coverity checker spotted this obvious NULL pointer dereference
caused by a wrong order of the cleanups.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
--- linux-2.6.15-rc1-mm2-full/drivers/infiniband/core/mad.c.old 2005-11-20 22:04:36.000000000 +0100
+++ linux-2.6.15-rc1-mm2-full/drivers/infiniband/core/mad.c 2005-11-20 22:05:17.000000000 +0100
@@ -355,9 +355,9 @@
spin_unlock_irqrestore(&port_priv->reg_lock, flags);
kfree(reg_req);
error3:
- kfree(mad_agent_priv);
-error2:
ib_dereg_mr(mad_agent_priv->agent.mr);
+error2:
+ kfree(mad_agent_priv);
error1:
return ret;
}
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2005-11-29 17:08 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-11-23 22:34 [2.6 patch] drivers/infiniband/core/mad.c: fix a NULL pointer dereference Adrian Bunk
-- strict thread matches above, loose matches on Subject: below --
2005-11-26 23:37 Adrian Bunk
2005-11-27 23:51 ` Roland Dreier
2005-11-28 0:25 ` Adrian Bunk
2005-11-28 17:59 ` Roland Dreier
2005-11-29 12:30 ` Adrian Bunk
2005-11-29 17:07 ` Roland Dreier
2005-11-20 23:14 Adrian Bunk
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox