List:       target-devel
Subject:    Re: [PATCH v2] tcmu: avoid use-after-free after command timeout
From:       "Martin K. Petersen" <martin.petersen () oracle ! com>
Date:       2019-08-15 2:00:49
Message-ID: yq1h86j2nn2.fsf () oracle ! com

Dmitry,

> In tcmu_handle_completion() function, the variable called read_len is
> always initialized with a value taken from se_cmd structure. If this
> function is called to complete an expired (timed out) command, the
> session command pointed to by se_cmd is likely to be already deallocated
> by the target core at that moment. As a result, this access triggers
> a use-after-free warning from KASAN.

Applied to 5.3/scsi-fixes, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering
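
The lifetime problem described in the quoted commit message, as an added userspace model (not the kernel code and not the applied patch). The struct names, the released flag, the checked accessor and the "after" variant that defers the read until past the expiry check are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the objects named in the commit message. */
struct model_se_cmd { uint32_t data_length; bool released; };
struct model_cmd    { struct model_se_cmd *se_cmd; bool expired; };

static int stale_reads; /* reads of an already released se_cmd */

/* Checked accessor: counts a lifetime violation instead of using stale data. */
static uint32_t se_cmd_len(const struct model_se_cmd *se)
{
    if (se->released) { stale_reads++; return 0; }
    return se->data_length;
}

/* Pattern described in the message: read_len always initialized from se_cmd. */
static uint32_t complete_before(const struct model_cmd *cmd)
{
    uint32_t read_len = se_cmd_len(cmd->se_cmd);
    if (cmd->expired)
        return 0;   /* value not needed, but se_cmd was already read */
    return read_len;
}

/* Assumed remedy: touch se_cmd only after the expiry check. */
static uint32_t complete_after(const struct model_cmd *cmd)
{
    if (cmd->expired)
        return 0;
    return se_cmd_len(cmd->se_cmd);
}

/* Constructed scenario: se_cmd is released on timeout, then completion runs. */
static int stale_reads_on_timeout(uint32_t (*handler)(const struct model_cmd *))
{
    struct model_se_cmd se = { .data_length = 4096, .released = true };
    struct model_cmd cmd = { .se_cmd = &se, .expired = true };
    stale_reads = 0;
    handler(&cmd);
    return stale_reads;
}

int main(void)
{
    printf("before: %d stale read(s)\n", stale_reads_on_timeout(complete_before));
    printf("after:  %d stale read(s)\n", stale_reads_on_timeout(complete_after));
    return 0;
}
```

The model never frees memory, so it runs cleanly; the released flag stands in for the deallocation that KASAN would flag in the kernel.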