On Tue, 2017-02-07 at 07:53 -0800, Nicholas A. Bellinger wrote: > iscsi-target and iser-target currently depend upon > transport_generic_free_cmd() to both quiesce, and wait for the se_cmd to > complete via se_cmd->cmd_wait_comp in the CMD_T_ABORTED path before > returning to the caller. > > This is required because as soon as all the transport_generic_free_cmd() > callers return, iscsi-target + iser-target expect for it to be safe to > release se_session associated memory. > > Which means that if transport_generic_free_cmd() doesn't wait during the > second order issue when CMD_T_ABORTED is blocked waiting for se_cmd to > be quiesced from se_device->tmr_wq context, it will trigger > use-after-free OOPsen. That's useful feedback. Although I have not seen any such OOPSes in my tests, I will make sure that no such use-after-free is triggered. Bart.-- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
