[PATCH 4/4] nvmet-loop: do not call nvme_ctrl_put() after nvme_ctrl_uninit()

Fri Mar 1 03:28:23 PST 2024

nvme_ctrl_uninit() already calls nvme_ctrl_put(), doing it twice
will cause an UAF.

Signed-off-by: Daniel Wagner <dwagner at suse.de>
Signed-off-by: Hannes Reinecke <hare at suse.de>
---
 drivers/nvme/target/loop.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/nvme/target/loop.c b/drivers/nvme/target/loop.c
index f1d5eee3daec..82db181f0168 100644
--- a/drivers/nvme/target/loop.c
+++ b/drivers/nvme/target/loop.c
@@ -615,7 +615,6 @@ static struct nvme_ctrl *nvme_loop_create_ctrl(struct device *dev,
 	kfree(ctrl->queues);
 out_uninit_ctrl:
 	nvme_uninit_ctrl(&ctrl->ctrl);
-	nvme_put_ctrl(&ctrl->ctrl);
 out:
 	if (ret > 0)
 		ret = -EIO;
-- 
2.35.3


