mbox series

[0/2] Fix use-after-free errors in lpfc driver when using NVMe

Message ID 20190117161445.25671-1-emilne@redhat.com (mailing list archive)
Headers show
Series Fix use-after-free errors in lpfc driver when using NVMe | expand

Message

Ewan Milne Jan. 17, 2019, 4:14 p.m. UTC 
These two patches fix use-after-free errors in the shutdown path of the lpfc
driver with both the Initiator and Target mode usage of FC ports.

The problem is very apparent with slub_debug enabled, as the memory poisoning
prevents the wait_for_completion_timeout() from returning after the object
has been freed.

Ewan D. Milne (2):
  lpfc: nvme: avoid hang / use-after-free when destroying localport
  lpfc: nvmet: avoid hang / use-after-free when destroying targetport

 drivers/scsi/lpfc/lpfc_nvme.c  | 16 +++++++++-------
 drivers/scsi/lpfc/lpfc_nvme.h  |  2 +-
 drivers/scsi/lpfc/lpfc_nvmet.c |  8 +++++---
 drivers/scsi/lpfc/lpfc_nvmet.h |  2 +-
 4 files changed, 16 insertions(+), 12 deletions(-)

Comments

Martin K. Petersen Jan. 23, 2019, 1:43 a.m. UTC | #1 
Ewan,

> These two patches fix use-after-free errors in the shutdown path of
> the lpfc driver with both the Initiator and Target mode usage of FC
> ports.
>
> The problem is very apparent with slub_debug enabled, as the memory
> poisoning prevents the wait_for_completion_timeout() from returning
> after the object has been freed.

Applied to 5.0/scsi-fixes. Thanks!