linux-stable/drivers/nvme/target
Damien Le Moal fafcb4b263 nvmet: avoid potential UAF in nvmet_req_complete()
[ Upstream commit 6173a77b7e ]

An nvme target ->queue_response() operation implementation may free the
request passed as argument. Such an implementation could potentially
result in a use after free of the request pointer when percpu_ref_put()
is called in nvmet_req_complete().

Avoid such a problem by using a local variable to save the sq pointer
before calling __nvmet_req_complete(), thus avoiding dereferencing the
req pointer after that function call.

Fixes: a07b4970f4 ("nvmet: add a generic NVMe target")
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-03-22 13:27:09 +01:00
admin-cmd.c
configfs.c
core.c nvmet: avoid potential UAF in nvmet_req_complete() 2023-03-22 13:27:09 +01:00
discovery.c
fabrics-cmd.c
fc.c nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association 2023-02-22 12:47:19 +01:00
fcloop.c nvme-fc: Revert "add module to ops template to allow module references" 2020-04-17 10:48:45 +02:00
io-cmd-bdev.c
io-cmd-file.c nvmet: seset ns->file when open fails 2021-05-26 11:48:32 +02:00
Kconfig
loop.c nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() 2021-06-30 08:48:12 -04:00
Makefile
nvmet.h
rdma.c nvmet-rdma: fix double free of rdma queue 2020-10-01 13:14:41 +02:00