Re: [ofa-general] Re: [PATCH 00 of 33] Set of ipath patches for 2.6.22

2007-04-11 Thread Robert Walsh
Roland Dreier wrote:
> BTW: any idea how this ever got triggered? The only way I can see is
> if you're either not using libipathverbs and libibverbs and you just
> create the CQ some other way, which seems unlikely. Do you know how
> Jason triggered this bug?

Yes, it was because he was us

Re: [ofa-general] Re: [PATCH 00 of 33] Set of ipath patches for 2.6.22

2007-04-11 Thread Roland Dreier
> BTW: any idea how this ever got triggered? The only way I can see is
> if you're either not using libipathverbs and libibverbs and you just
> create the CQ some other way, which seems unlikely. Do you know how
> Jason triggered this bug? Yes, it was because he was using 32-bit userspace an

Re: [ofa-general] Re: [PATCH 00 of 33] Set of ipath patches for 2.6.22

2007-04-11 Thread Robert Walsh
Roland Dreier wrote: I just queued all of this for 2.6.22. Is there any chance of getting a fix for the use-after-free that can be caused by allocating something from userspace, failing to mmap the buffer and then exiting? To see what happens, look at how ipath_create_cq sticks a struct ipath_m

Re: [ofa-general] Re: [PATCH 00 of 33] Set of ipath patches for 2.6.22

2007-04-10 Thread Robert Walsh
Roland Dreier wrote:
> Is there any chance of getting a fix for the use-after-free that can
> be caused by allocating something from userspace, failing to mmap the
> buffer and then exiting? To see what happens, look at how
> ipath_create_cq sticks a struct ipath_mmap_info into the pending m

Re: [ofa-general] Re: [PATCH 00 of 33] Set of ipath patches for 2.6.22

2007-04-10 Thread Roland Dreier
> Is there any chance of getting a fix for the use-after-free that can
> be caused by allocating something from userspace, failing to mmap the
> buffer and then exiting? To see what happens, look at how
> ipath_create_cq sticks a struct ipath_mmap_info into the pending mmap
> "list" (and yes