IB/hfi1: Fix potential use-after-free in PIO and SDMA map teardown - kernel/linux.git

diff options

author	Li RongQing <lirongqing@baidu.com>	2026-02-06 08:08:36 +0300
committer	Jason Gunthorpe <jgg@nvidia.com>	2026-04-28 17:15:49 +0300
commit	76b48a70b16b4036814964b039cde413e0164416 (patch)
tree	16a29e62d91df65f826edbb9c714aa4abd808ec9 /include/linux/raid
parent	254f49634ee16a731174d2ae34bc50bd5f45e731 (diff)
download	linux-76b48a70b16b4036814964b039cde413e0164416.tar.xz

IB/hfi1: Fix potential use-after-free in PIO and SDMA map teardown

The current teardown logic for dd->pio_map and dd->sdma_map frees the structures while they might still be accessed by RCU readers. Although the pointer is nulled under a spinlock, the memory is reclaimed before waiting for the grace period to end. This patch fixes the sequence by: 1. Extracting the pointer under the lock. 2. Clearing the RCU-protected pointer. 3. Waiting for readers to finish with synchronize_rcu(). 4. Finally freeing the memory. Fixes: 7724105686e7 ("IB/hfi1: add driver files") Link: https://patch.msgid.link/r/20260206050836.5890-1-lirongqing@baidu.com Signed-off-by: Li RongQing <lirongqing@baidu.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

Diffstat (limited to 'include/linux/raid')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: