From 7b82cd8ee7374f803a3daf9a6cbc6eb4bbb10a63 Mon Sep 17 00:00:00 2001 From: Eli Cohen Date: Mon, 14 May 2007 11:35:43 +0300 Subject: IB/core: Free umem when mm is already gone Free umem when task's mm is already destroyed by the time ib_umem_release gets called. Found by Dotan Barak at Mellanox. Signed-off-by: Eli Cohen Signed-off-by: Roland Dreier --- drivers/infiniband/core/umem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'drivers/infiniband') diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index f32ca5fbb26..6009234e4f9 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c @@ -209,8 +209,10 @@ void ib_umem_release(struct ib_umem *umem) __ib_umem_release(umem->context->device, umem, 1); mm = get_task_mm(current); - if (!mm) + if (!mm) { + kfree(umem); return; + } diff = PAGE_ALIGN(umem->length + umem->offset) >> PAGE_SHIFT; -- cgit v1.2.3-70-g09d2