Re: [PATCH 1/2] lpfc: nvme: avoid hang / use-after-free when destroying localport

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/17/2019 8:14 AM, Ewan D. Milne wrote:

We cannot wait on a completion object in the lpfc_nvme_lport structure
in the _destroy_localport() code path because the NVMe/fc transport will
free that structure immediately after the .localport_delete() callback.
This results in a use-after-free, and a hang if slub_debug=FZPU is enabled.

Fix this by putting the completion on the stack.

Signed-off-by: Ewan D. Milne <emilne@xxxxxxxxxx>
---
  drivers/scsi/lpfc/lpfc_nvme.c | 16 +++++++++-------
  drivers/scsi/lpfc/lpfc_nvme.h |  2 +-
  2 files changed, 10 insertions(+), 8 deletions(-)




Reviewed-by:   James Smart  <james.smart@xxxxxxxxxxxx>

Thank you Ewan

-- james
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux