• IB/IPoIB: Fix kernel panic on multicast flow · 50be28de
    Erez Shitrit authored
    ipoib_mcast_restart_task calls ipoib_mcast_remove_list with the
    parameter mcast->dev. That mcast is a temporary (used as an iterator)
    variable that may be uninitialized.
    There is no need to send the variable dev to the function, as each mcast
    has its dev as a member in the mcast struct.
    
    This causes the next panic:
    RIP: 0010: ipoib_mcast_leave+0x6d/0xf0 [ib_ipoib]
    RSP: 0018: EFLAGS: 00010246
    RAX: f0201 RBX: 24e00 RCX: 00000
    ....
    ....
    Stack:
    Call Trace:
    	ipoib_mcast_remove_list+0x3a/0x70 [ib_ipoib]
    	ipoib_mcast_restart_task+0x3bb/0x520 [ib_ipoib]
    	process_one_work+0x164/0x470
    	worker_thread+0x11d/0x420
    	...
    
    Fixes: 5a0e81f6 ('IB/IPoIB: factor out common multicast list removal code')
    Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
    Reported-by: Doron Tsur <doront@mellanox.com>
    Reviewed-by: Christoph Lameter <cl@linux.com>
    Signed-off-by: Doug Ledford <dledford@redhat.com>
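The bug class described in the commit message above, as an added userspace model (not code from the commit or the ib_ipoib driver): a list-removal helper that trusts a caller-supplied device pointer, beside one that reads each entry's own `dev` member. All type and function names are hypothetical, and `NULL` stands in for the uninitialized iterator value so the failure is deterministic.

```c
#include <stddef.h>

/* Userspace model with hypothetical names; not the ib_ipoib driver code. */
struct net_dev { int groups_left; };
struct mcast_entry { struct net_dev *dev; struct mcast_entry *next; };

/* Returns -1 where the kernel would fault on a bad device pointer. */
static int leave_group(struct net_dev *dev)
{
    if (dev == NULL)
        return -1;
    dev->groups_left++;
    return 0;
}

/* "Before" shape: one caller-supplied dev is used for every entry. */
static int remove_list_passed_dev(struct net_dev *dev, struct mcast_entry *head)
{
    int rc = 0;
    for (struct mcast_entry *m = head; m != NULL; m = m->next)
        rc |= leave_group(dev);     /* 0 | -1 == -1: any failure sticks */
    return rc;
}

/* "After" shape: no dev parameter, the entry's own member is used. */
static int remove_list_own_dev(struct mcast_entry *head)
{
    int rc = 0;
    for (struct mcast_entry *m = head; m != NULL; m = m->next)
        rc |= leave_group(m->dev);
    return rc;
}

/* Constructed input: two entries on one device. NULL models the value an
 * iterator variable may hold when it was never assigned (assumption). */
int demo_before(void)
{
    struct net_dev d = { 0 };
    struct mcast_entry b = { &d, NULL }, a = { &d, &b };
    struct net_dev *stale_iter_dev = NULL;
    return remove_list_passed_dev(stale_iter_dev, &a);
}

/* Returns the number of groups left on the device, or -1 on failure. */
int demo_after(void)
{
    struct net_dev d = { 0 };
    struct mcast_entry b = { &d, NULL }, a = { &d, &b };
    return remove_list_own_dev(&a) == 0 ? d.groups_left : -1;
}
```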
ipoib.h 21.7 KB