Re: [PATCH 2/2] lpfc: nvmet: avoid hang / use-after-free when destroying targetport

On 1/17/2019 8:14 AM, Ewan D. Milne wrote:
> We cannot wait on a completion object in the lpfc_nvme_targetport structure
> in the _destroy_targetport() code path because the NVMe/fc transport will
> free that structure immediately after the .targetport_delete() callback.
> This results in a use-after-free, and a hang if slub_debug=FZPU is enabled.
>
> Fix this by putting the completion on the stack.
>
> Signed-off-by: Ewan D. Milne <emilne@xxxxxxxxxx>
> ---
>   drivers/scsi/lpfc/lpfc_nvmet.c | 8 +++++---
>   drivers/scsi/lpfc/lpfc_nvmet.h | 2 +-
>   2 files changed, 6 insertions(+), 4 deletions(-)



Reviewed-by: James Smart <james.smart@xxxxxxxxxxxx>

Thank you Ewan

-- james
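
The lifetime rule from the quoted commit message, as an added example that is not part of the original thread or the lpfc driver: a single-threaded userspace C model in which the transport frees the targetport right after the delete callback, so the waiter keeps the completion on its own stack and the structure holds only a pointer to it. All struct and function names are hypothetical, and running the callback synchronously is an assumption of the model.

```c
/* Userspace model with constructed, hypothetical names (not lpfc's). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct completion { int done; };      /* stand-in for the kernel type */
struct targetport {                   /* allocated and freed by the "transport" */
    struct completion *unreg_cmp;     /* pointer only; the waiter owns the storage */
};
static int freed_count;               /* records that the free really happened */

/* Driver's delete callback: the last point where tp may be dereferenced. */
static void targetport_delete(struct targetport *tp)
{
    if (tp->unreg_cmp)
        tp->unreg_cmp->done = 1;      /* models complete() on the waiter's object */
}

/* Transport: runs the callback, then frees the structure immediately. */
static void transport_unregister(struct targetport *tp)
{
    targetport_delete(tp);
    memset(tp, 0x6b, sizeof(*tp));    /* poison on free, as slub_debug would */
    free(tp);
    freed_count++;
}

/* Driver destroy path: returns 1 if the completion was signalled. */
static int destroy_targetport(struct targetport *tp)
{
    struct completion cmp = { 0 };    /* on the stack, outlives tp */
    tp->unreg_cmp = &cmp;
    transport_unregister(tp);         /* tp is invalid from here on */
    return cmp.done;                  /* models the wait: reads stack memory only */
}

/* Allocate a port, destroy it, report whether the waiter saw completion. */
static int run_model(void)
{
    struct targetport *tp = calloc(1, sizeof(*tp));
    return tp ? destroy_targetport(tp) : -1;
}

int main(void)
{
    int signalled = run_model();
    printf("signalled=%d frees=%d\n", signalled, freed_count);
    return 0;
}
```

Had the completion been embedded in `struct targetport`, the final read in `destroy_targetport()` would touch freed, poisoned memory.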


