On Tue, 2012-05-01 at 10:09 +0200, Paolo Bonzini wrote: > Il 18/04/2012 16:09, James Bottomley ha scritto: > >> > Fix a race in TMF path, where cmd may have been already freed > >> > by virtscsi_complete_free after waking up from the completion. > > There's no may about this; the command will be freed long before the > > completion waiter is awoken. The description could be clearer. > > > > The problem is a use after free in virtscsi_tmf because the > > virtio_scsi_command is freed before the completion returns. > > > > The fix is to make callers specifying a completion responsible for > > freeing the command in all cases. > > I don't see this in the pull request, were you waiting for v2 with a > better commit message? That would be because you didn't reply. I was expecting either a comment or a rewording of the change log. My inbox works by threads rising to the top and completed ones going into the patch queue. If no-one replys to a thread expecting one, it just gets lost. James -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
