nvmet-fc race may lead to a kernel panic
Engel, Amit
Amit.Engel at Dell.com
Sun Jul 21 10:51:30 PDT 2024
Hello,
We found a potential race in nvmet-fc that may lead to a kernel panic.
Details:
The race is between nvmet_fc_remove_port() and nvmet_fc_handle_fcp_rqst().
As part of nvmet_fc_remove_port(), the 'pe' pointer is set to NULL.
As part of nvmet_fc_handle_fcp_rqst(), 'pe' is dereferenced (fod->req.port = tgtport->pe->port;).
At that point 'pe' might already be set to NULL.
Checking that 'pe' is not NULL (in nvmet_fc_handle_fcp_rqst(), one line above the access to 'pe') is not enough to avoid this race.
Any thoughts?
We are working on a fix. Once it is ready, we will send it for your review.
Thanks,
Amit
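
A simplified userspace model of the check-then-dereference window described in the message, added here as an example; it is not the nvmet-fc code and not the fix the author refers to. The structures, function names and the lock guarding 'pe' are assumptions, and the removal is called inline so the interleaving is deterministic.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins; not the nvmet-fc structures. */
struct port { int id; };
struct port_entry { struct port *port; };
struct tgtport { atomic_flag lock; struct port_entry *pe; };

/* Removal path: clears 'pe' under the (assumed) lock; -1 if the lock is busy. */
static int remove_port(struct tgtport *t) {
    if (atomic_flag_test_and_set(&t->lock)) return -1;
    t->pe = NULL;
    atomic_flag_clear(&t->lock);
    return 0;
}

/* Check-then-use with two separate reads of t->pe and no lock. */
static int handle_rqst_racy(struct tgtport *t, struct port **out) {
    if (!t->pe) return -1;          /* read 1: the NULL check */
    (void)remove_port(t);           /* constructed interleaving: removal runs here */
    struct port_entry *pe = t->pe;  /* read 2: what the dereference would use */
    if (!pe) return -2;             /* the real code would dereference NULL here */
    *out = pe->port;
    return 0;
}

/* Check and use inside one critical section. */
static int handle_rqst_locked(struct tgtport *t, struct port **out) {
    int rc = -1;
    while (atomic_flag_test_and_set(&t->lock)) { }  /* acquire */
    if (t->pe) {
        (void)remove_port(t);       /* same interleaving: lock is busy, removal waits */
        *out = t->pe->port;         /* 'pe' cannot change while the lock is held */
        rc = 0;
    }
    atomic_flag_clear(&t->lock);
    return rc;
}

/* Returns the port id on success, or the negative error code. */
static int run_scenario(int locked) {
    struct port p = { 7 };          /* constructed sample data */
    struct port_entry pe = { &p };
    struct tgtport t = { ATOMIC_FLAG_INIT, &pe };
    struct port *out = NULL;
    int rc = locked ? handle_rqst_locked(&t, &out) : handle_rqst_racy(&t, &out);
    return rc == 0 ? out->id : rc;
}

int main(void) { printf("racy=%d locked=%d\n", run_scenario(0), run_scenario(1)); return 0; }
```

In the racy path the NULL check passes and the second read still sees NULL, which is the window the message describes; in the locked path the removal cannot run between the check and the use.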