IB/core: Free umem when mm is already gone

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Free umem when task's mm is already destroyed by the time
ib_umem_release gets called.

Found by Dotan Barak at Mellanox.

Signed-off-by: Eli Cohen <eli@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>

authored by

Eli Cohen and committed by

Roland Dreier 19 years ago 7b82cd8e 55b637c6

+3 -1

1 changed file

expand all

drivers

infiniband

core

umem.c

+3 -1

drivers/infiniband/core/umem.c

··· 209 209 __ib_umem_release(umem->context->device, umem, 1); 210 210 211 211 mm = get_task_mm(current); 212 - if (!mm) 212 + if (!mm) { 213 + kfree(umem); 213 214 return; 215 + } 214 216 215 217 diff = PAGE_ALIGN(umem->length + umem->offset) >> PAGE_SHIFT; 216 218