[prev in list] [next in list] [prev in thread] [next in thread]
List: target-devel
Subject: Re: [PATCH v2] tcmu: avoid use-after-free after command timeout
From: "Martin K. Petersen" <martin.petersen () oracle ! com>
Date: 2019-08-15 2:00:49
Message-ID: yq1h86j2nn2.fsf () oracle ! com
[Download RAW message or body]
Dmitry,
> In tcmu_handle_completion() function, the variable called read_len is
> always initialized with a value taken from se_cmd structure. If this
> function is called to complete an expired (timed out) out command, the
> session command pointed by se_cmd is likely to be already deallocated
> by the target core at that moment. As the result, this access triggers
> a use-after-free warning from KASAN.
Applied to 5.3/scsi-fixes, thanks!
--
Martin K. Petersen Oracle Linux Engineering
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic