4.7-stable review patch. If anyone has any objections, please let me know.
------------------ From: Mustafa Ismail <[email protected]> commit 433c58139f6a7d59824aadd23d6c9cac1d4e6100 upstream. iwpbl->iwmr points to the structure that contains iwpbl, which is iwmr. Setting this to NULL would result in writing to freed memory. So just free iwmr, and return. Fixes: d37498417947 ("i40iw: add files for iwarp interface") Reported-by: Stefan Assmann <[email protected]> Signed-off-by: Mustafa Ismail <[email protected]> Signed-off-by: Shiraz Saleem <[email protected]> Signed-off-by: Doug Ledford <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/infiniband/hw/i40iw/i40iw_verbs.c +++ b/drivers/infiniband/hw/i40iw/i40iw_verbs.c @@ -1924,8 +1924,7 @@ static int i40iw_dereg_mr(struct ib_mr * } if (iwpbl->pbl_allocated) i40iw_free_pble(iwdev->pble_rsrc, palloc); - kfree(iwpbl->iwmr); - iwpbl->iwmr = NULL; + kfree(iwmr); return 0; }
