[PATCH 4/4] nvmet-loop: do not call nvme_ctrl_put() after nvme_ctrl_uninit()
Hannes Reinecke
hare at kernel.org
Fri Mar 1 03:28:23 PST 2024
nvme_ctrl_uninit() already calls nvme_ctrl_put(), doing it twice
will cause a UAF.
Signed-off-by: Daniel Wagner <dwagner at suse.de>
Signed-off-by: Hannes Reinecke <hare at suse.de>
---
drivers/nvme/target/loop.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/nvme/target/loop.c b/drivers/nvme/target/loop.c
index f1d5eee3daec..82db181f0168 100644
--- a/drivers/nvme/target/loop.c
+++ b/drivers/nvme/target/loop.c
@@ -615,7 +615,6 @@ static struct nvme_ctrl *nvme_loop_create_ctrl(struct device *dev,
kfree(ctrl->queues);
out_uninit_ctrl:
nvme_uninit_ctrl(&ctrl->ctrl);
- nvme_put_ctrl(&ctrl->ctrl);
out:
if (ret > 0)
ret = -EIO;
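Review bot: the commit message refers to nvme_ctrl_uninit() and nvme_ctrl_put(), but the calls under out_uninit_ctrl in this hunk are nvme_uninit_ctrl() and nvme_put_ctrl(); the subject and body should use the real function names so the fix can be found by grep. The removal is only correct if nvme_uninit_ctrl() drops the reference itself, which these lines do not show, so a Fixes: tag naming the commit that introduced the double put would let reviewers and stable maintainers confirm that and pick the right backport range.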
--
2.35.3