It seems that on error mthca_alloc_av is freeing memory it didn't
allocate, which can theoretically lead to a double free condition
(haven't seen this in practice).
Does the following patch make sense?
---
Fix double free condition in libmthca.
Signed-off-by: Michael S. Tsirkin <[EMAIL PROTECTED]>
Index: src/userspace/libmthca/src/ah.c
===================================================================
--- src/userspace/libmthca/src/ah.c (revision 3994)
+++ src/userspace/libmthca/src/ah.c (working copy)
@@ -111,7 +111,6 @@ int mthca_alloc_av(struct mthca_pd *pd,
page = __add_page(pd, ps, pp);
if (!page) {
- free(ah);
pthread_mutex_unlock(&pd->ah_mutex);
return -1;
}
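Review bot: In the `if (!page)` error path, dropping `free(ah);` is only safe if every caller of mthca_alloc_av frees `ah` itself when it gets the -1 return, and neither the hunk nor the commit message shows that. Please name in the commit message the caller that owns and releases `ah`, and confirm there is no caller that relies on this function to free it, since in that case the change would turn the double free into a leak. A short comment above the function stating that it never frees `ah` on failure would keep later error paths from reintroducing the free.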
--
MST
_______________________________________________
openib-general mailing list
http://openib.org/mailman/listinfo/openib-general