Re: [PATCH v2] infiniband: Fix a use after free in isert_connect_request

On Mon, Mar 22, 2021 at 09:13:25AM -0700, Lv Yunlong wrote: > The device is got by isert_device_get() with refcount is 1, > and is assigned to isert_conn by isert_conn->device = device. > When isert_create_qp() failed, device will be freed with > isert_device_put(). > > Later, the device is used i

Re: [PATCH v2] infiniband: Fix a use after free in isert_connect_request

On 3/22/2021 6:13 PM, Lv Yunlong wrote: The device is got by isert_device_get() with refcount is 1, and is assigned to isert_conn by isert_conn->device = device. When isert_create_qp() failed, device will be freed with isert_device_put(). Later, the device is used in isert_free_login_buf(isert

Re: [PATCH v2] infiniband: Fix a use after free in isert_connect_request

On Mon, Mar 22, 2021 at 09:13:25AM -0700, Lv Yunlong wrote: > The device is got by isert_device_get() with refcount is 1, > and is assigned to isert_conn by isert_conn->device = device. > When isert_create_qp() failed, device will be freed with > isert_device_put(). > > Later, the device is used i

Re: [PATCH v2] infiniband: Fix a use after free in isert_connect_request

Acked-by: Sagi Grimberg

[PATCH v2] infiniband: Fix a use after free in isert_connect_request

The device is got by isert_device_get() with refcount is 1, and is assigned to isert_conn by isert_conn->device = device. When isert_create_qp() failed, device will be freed with isert_device_put(). Later, the device is used in isert_free_login_buf(isert_conn) by the isert_conn->device->ib_device