Commit 7b82cd8e authored by Eli Cohen's avatar Eli Cohen Committed by Roland Dreier

IB/core: Free umem when mm is already gone

Free umem when task's mm is already destroyed by the time
ib_umem_release gets called.

Found by Dotan Barak at Mellanox.
Signed-off-by: default avatarEli Cohen <eli@mellanox.co.il>
Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
parent 55b637c6
...@@ -209,8 +209,10 @@ void ib_umem_release(struct ib_umem *umem) ...@@ -209,8 +209,10 @@ void ib_umem_release(struct ib_umem *umem)
__ib_umem_release(umem->context->device, umem, 1); __ib_umem_release(umem->context->device, umem, 1);
mm = get_task_mm(current); mm = get_task_mm(current);
if (!mm) if (!mm) {
kfree(umem);
return; return;
}
diff = PAGE_ALIGN(umem->length + umem->offset) >> PAGE_SHIFT; diff = PAGE_ALIGN(umem->length + umem->offset) >> PAGE_SHIFT;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment