Re: [PATCH v2 1/2] nvmet_fc: add defer_req callback for deferment of cmd buffer return

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 08/04/17 17:29, James Smart wrote:
> +	/* Cleanup defer'ed IOs in queue */
> +	list_for_each_entry(deferfcp, &queue->avail_defer_list, req_list) {
> +		list_del(&deferfcp->req_list);
> +		kfree(deferfcp);
> +	}

Hello James,

Coverity reports a user-after-free for the above code:

*** CID 1416424:  Memory - illegal accesses  (USE_AFTER_FREE)
/drivers/nvme/target/fc.c: 738 in nvmet_fc_delete_target_queue()
732     					&tgtport->fc_target_port, fod->fcpreq);
733     			}
734     		}
735     	}
736     
737     	/* Cleanup defer'ed IOs in queue */
>>>     CID 1416424:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Dereferencing freed pointer "deferfcp".
738     	list_for_each_entry(deferfcp, &queue->avail_defer_list, req_list) {
739     		list_del(&deferfcp->req_list);
740     		kfree(deferfcp);
741     	}
742     
743     	for (;;) {
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux