Jason Gunthorpe abe5aabf5c IB/uverbs: Fix race between uverbs_close and remove_one ... commit d1e09f304a upstream. Fixes an oops that might happen if uverbs_close races with remove_one. Both contexts may run ib_uverbs_cleanup_ucontext, it depends on the flow. Currently, there is no protection for a case that remove_one didn't make the cleanup it runs to its end, the underlying ib_device was freed then uverbs_close will call ib_uverbs_cleanup_ucontext and OOPs. Above might happen if uverbs_close deleted the file from the list then remove_one didn't find it and runs to its end. Fixes to protect against that case by a new cleanup lock so that ib_uverbs_cleanup_ucontext will be called always before that remove_one is ended. Fixes: 35d4a0b63d ("IB/uverbs: Fix race between ib_uverbs_open and remove_one") Reported-by: Devesh Sharma <devesh.sharma@broadcom.com> Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Yishai Hadas <yishaih@mellanox.com> Signed-off-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Doug Ledford <dledford@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2016-09-24 10:07:37 +02:00
..
core	IB/uverbs: Fix race between uverbs_close and remove_one	2016-09-24 10:07:37 +02:00
hw	IB/mlx4: Fix memory leak if QP creation failed	2016-08-20 18:09:25 +02:00
ulp	IB/IPoIB: Do not set skb truesize since using one linearskb	2016-09-15 08:27:49 +02:00
Kconfig	IB/ehca: Deprecate driver, move to staging, schedule deletion	2015-09-11 18:13:35 -04:00
Makefile	IB: Allow build of hw/ and ulp/ subdirectories independently	2014-06-02 14:51:12 -07:00