i40iw: Avoid writing to freed memory
authorMustafa Ismail <mustafa.ismail@intel.com>
Tue, 23 Aug 2016 22:24:56 +0000 (17:24 -0500)
committerDoug Ledford <dledford@redhat.com>
Wed, 24 Aug 2016 15:31:40 +0000 (11:31 -0400)
iwpbl->iwmr points to the structure that contains iwpbl,
which is iwmr. Setting this to NULL would result in
writing to freed memory. So just free iwmr, and return.

Fixes: d37498417947 ("i40iw: add files for iwarp interface")
Reported-by: Stefan Assmann <sassmann@redhat.com>
Signed-off-by: Mustafa Ismail <mustafa.ismail@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/infiniband/hw/i40iw/i40iw_verbs.c

index 722e5af1e3d85392b3345637ee8b0b601900adb5..6329c971c22fc383330099fa07819b4666ee48b8 100644 (file)
@@ -1925,8 +1925,7 @@ static int i40iw_dereg_mr(struct ib_mr *ib_mr)
                }
                if (iwpbl->pbl_allocated)
                        i40iw_free_pble(iwdev->pble_rsrc, palloc);
-               kfree(iwpbl->iwmr);
-               iwpbl->iwmr = NULL;
+               kfree(iwmr);
                return 0;
        }