]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f330b0b) | patch
nvmet: Fix use-after-free bug when a port is removed
authorLogan Gunthorpe <logang@deltatee.com>
Wed, 31 Jul 2019 23:35:31 +0000 (17:35 -0600)
committerSagi Grimberg <sagi@grimberg.me>
Thu, 1 Aug 2019 00:57:06 +0000 (17:57 -0700)
commit72ec36b536d75957574b6d752911d9b9a19dbbf5
treeec1c8fdaaae875427d39e0734626161419167293tree | snapshot
parentf330b0bda49a670a79c4fe0e80a89da17550fd61commit | diff
nvmet: Fix use-after-free bug when a port is removed

When a port is removed through configfs, any connected controllers
are still active and can still send commands. This causes a
use-after-free bug which is detected by KASAN for any admin command
that dereferences req->port (like in nvmet_execute_identify_ctrl).

To fix this, disconnect all active controllers when a subsystem is
removed from a port. This ensures there are no active controllers
when the port is eventually removed.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
Reviewed-by : Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
drivers/nvme/target/configfs.c diff | blob | history
drivers/nvme/target/core.c diff | blob | history
drivers/nvme/target/nvmet.h diff | blob | history
Linux Kernel Source Tree.