summaryrefslogtreecommitdiff
path: root/drivers/scsi/lpfc/lpfc_nvme.c
diff options
context:
space:
mode:
authorXiaoguang Wang <xiaoguang.wang@linux.alibaba.com>2022-03-11 16:22:05 +0300
committerMartin K. Petersen <martin.petersen@oracle.com>2022-03-30 06:07:56 +0300
commita6968f7a367f128d120447360734344d5a3d5336 (patch)
tree2afc4fb879689dc8aca4a9a74908a1d661c553f6 /drivers/scsi/lpfc/lpfc_nvme.c
parentebfe3e0c5e805da3dd692bb120cd6269b7c19b80 (diff)
downloadlinux-a6968f7a367f128d120447360734344d5a3d5336.tar.xz
scsi: target: tcmu: Fix possible page UAF
tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page() returns, the returned page may have been freed by tcmu_blocks_release(). We need to get_page() under cmdr_lock to avoid concurrent tcmu_blocks_release(). Link: https://lore.kernel.org/r/20220311132206.24515-1-xiaoguang.wang@linux.alibaba.com Reviewed-by: Bodo Stroesser <bostroesser@gmail.com> Signed-off-by: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/lpfc/lpfc_nvme.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.39.0) at 2025-03-03 22:48:53 +0300