diff options
author | Mike Christie <michael.christie@oracle.com> | 2021-05-25 13:18:14 -0500 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2021-06-02 01:28:22 -0400 |
commit | 5b04d050cde44c3c1a9a0342da50d785d075b0f6 (patch) | |
tree | c95c6dec01c4e095915245a18e8408985aca122d /drivers/scsi/qedi/qedi_iscsi.h | |
parent | 2ce002366a3fcc3f9616d4583194f65dde0ad253 (diff) | |
download | linux-5b04d050cde44c3c1a9a0342da50d785d075b0f6.tar.gz linux-5b04d050cde44c3c1a9a0342da50d785d075b0f6.tar.bz2 linux-5b04d050cde44c3c1a9a0342da50d785d075b0f6.zip |
scsi: qedi: Fix use after free during abort cleanup
If qedi_tmf_work's qedi_wait_for_cleanup_request call times out we will
also force the clean up of the qedi_work_map but
qedi_process_cmd_cleanup_resp could still be accessing the qedi_cmd.
To fix this issue we extend where we hold the tmf_work_lock and back_lock
so the qedi_process_cmd_cleanup_resp access is serialized with the cleanup
done in qedi_tmf_work and any completion handling for the iscsi_task.
Link: https://lore.kernel.org/r/20210525181821.7617-22-michael.christie@oracle.com
Reviewed-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/qedi/qedi_iscsi.h')
-rw-r--r-- | drivers/scsi/qedi/qedi_iscsi.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/scsi/qedi/qedi_iscsi.h b/drivers/scsi/qedi/qedi_iscsi.h index 39dc27c85e3c..68ef519f5480 100644 --- a/drivers/scsi/qedi/qedi_iscsi.h +++ b/drivers/scsi/qedi/qedi_iscsi.h @@ -212,6 +212,7 @@ struct qedi_cmd { struct qedi_work_map { struct list_head list; struct qedi_cmd *qedi_cmd; + struct iscsi_task *ctask; int rtid; int state; |