Hello Mike Christie,
The patch 9103575ae34e: "tcmu: make ring buffer timer configurable"
from Nov 28, 2017, leads to the following static checker warning:
drivers/target/target_core_user.c:1173 tcmu_check_expired_cmd()
error: dereferencing freed memory 'cmd'
drivers/target/target_core_user.c
1162 scsi_status = SAM_STAT_CHECK_CONDITION;
1163 } else {
1164 list_del_init(&cmd->cmdr_queue_entry);
1165
1166 idr_remove(&udev->commands, id);
1167 tcmu_free_cmd(cmd);
^^^^^^^^^^^^^^^^^^
Freed
1168 scsi_status = SAM_STAT_TASK_SET_FULL;
1169 }
1170
1171 pr_debug("Timing out cmd %u on dev %s that is %s.\n",
1172 id, udev->name, is_running ? "inflight" : "queued");
1173
1174 se_cmd = cmd->se_cmd;
^^^^^^^^^^^
Use after free
1175 cmd->se_cmd = NULL;
^^^^^^^^^^^^^^^^^^
1176 target_complete_cmd(se_cmd, scsi_status);
1177 return 0;
1178 }
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
