Re: [PATCH v4 1/1] nvmet-tcp: Fix NULL pointer dereference during release

From: Sagi Grimberg
Date: Tue Sep 20 2022 - 07:29:54 EST



nvmet-tcp frees CMD buffers in nvmet_tcp_uninit_data_in_cmds(),
and waits for the inflight IO requests in nvmet_sq_destroy(). While
waiting for the inflight IO requests, the callback nvmet_tcp_queue_response()
is called from the backend after IO completes; this leads to a typical
Use-After-Free issue like this:

Would it be possible to resend this patch rebased on top of nvme-6.1?