[PATCH] nvmet-fc: Fix potential Use-after-free bug in nvmet_fc_delete_target_queue()
James Smart
jsmart2021 at gmail.com
Mon Sep 19 10:57:05 PDT 2022
On 9/18/2022 6:46 PM, Liang He wrote:
>>
>> kfree(deferfcp);
>>
>> - spin_lock_irqsave(&queue->qlock, flags);
>> + spin_lock_irqsave(q_lock, flags);
>> }
>> spin_unlock_irqrestore(&queue->qlock, flags);
>>
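Review bot: caching the lock pointer in q_lock does not remove the use-after-free on the "+ spin_lock_irqsave(q_lock, flags);" line, because qlock is a member of the queue structure itself; if the queue is freed while the lock is dropped around "kfree(deferfcp);", q_lock points into the same freed memory that "&queue->qlock" did, and the closing "spin_unlock_irqrestore(&queue->qlock, flags);" still dereferences queue directly. A fix needs to keep the queue alive across the loop (for example by holding a queue reference before the loop and dropping it only after the final unlock) rather than indirecting the pointer, and the commit message should state which path can actually free the queue here so the reviewer can confirm the race is real.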
>> --
>> 2.25.1
>
> Sorry, my patch is totally wrong as the 'qlock' is embedded into queue.
> So if queue is freed, the 'qlock' will also be freed.
>
> Now, we can only hope the 'nvmet_fc_tgt_q_put' in line 941 will never really free the 'queue'.
Did you actually see that occur (line 941 freed the queue)?
-- james