diff options
| author | Saravanan Vajravel <saravanan.vajravel@broadcom.com> | 2023-06-06 13:25:31 +0300 |
|---|---|---|
| committer | Leon Romanovsky <leon@kernel.org> | 2023-06-11 20:29:34 +0300 |
| commit | 699826f4e30ab76a62c238c86fbef7e826639c8d (patch) | |
| tree | bc8b2104fc237188f59286c7bc4b57bfbedba57a /drivers/infiniband | |
| parent | 7651e2d6c5b359a28c2d4c904fec6608d1021ca8 (diff) | |
| download | linux-699826f4e30ab76a62c238c86fbef7e826639c8d.tar.xz | |
IB/isert: Fix incorrect release of isert connection
The ib_isert module is releasing the isert connection both in
isert_wait_conn() handler as well as isert_free_conn() handler.
In isert_wait_conn() handler, it is expected to wait for iSCSI
session logout operation to complete. It should free the isert
connection only in isert_free_conn() handler.
When a bunch of iSER target is cleared, this issue can lead to
use-after-free memory issue as isert conn is twice released
Fixes: b02efbfc9a05 ("iser-target: Fix implicit termination of connections")
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Link: https://lore.kernel.org/r/20230606102531.162967-4-saravanan.vajravel@broadcom.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Diffstat (limited to 'drivers/infiniband')
| -rw-r--r-- | drivers/infiniband/ulp/isert/ib_isert.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c index 00a7303c8cc6..92e1e7587af8 100644 --- a/drivers/infiniband/ulp/isert/ib_isert.c +++ b/drivers/infiniband/ulp/isert/ib_isert.c @@ -2570,8 +2570,6 @@ static void isert_wait_conn(struct iscsit_conn *conn) isert_put_unsol_pending_cmds(conn); isert_wait4cmds(conn); isert_wait4logout(isert_conn); - - queue_work(isert_release_wq, &isert_conn->release_work); } static void isert_free_conn(struct iscsit_conn *conn) |