[Bug 264650] RDMA/ucma: Fix use-after-free access in ucma_close

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 264650] RDMA/ucma: Fix use-after-free access in ucma_close"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 13 Jun 2022 02:43:31 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264650

            Bug ID: 264650
           Summary: RDMA/ucma: Fix use-after-free access in ucma_close
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: xiaohuizhang@ruc.edu.cn

Created attachment 234656
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=234656&action=edit
a possible patch

The error in ucma_create_id() left ctx in the list of contexts belong
to ucma file descriptor. The attempt to close this file descriptor causes
to use-after-free accesses while iterating over such list.

-- 
You are receiving this mail because:
You are the assignee for the bug.