summaryrefslogtreecommitdiff
path: root/net/lapb
diff options
context:
space:
mode:
authorMike Christie <mchristi@redhat.com>2017-05-17 12:34:37 +0300
committerNicholas Bellinger <nab@linux-iscsi.org>2017-05-24 05:50:49 +0300
commitf3cdbe39b2ab0636dec0d5d43b54f1061ce7566c (patch)
tree957000299919ddd60cf9159df3563d21a8ba7be7 /net/lapb
parent4ff83daa0200affe1894bd33d17bac404e3d78d4 (diff)
downloadlinux-f3cdbe39b2ab0636dec0d5d43b54f1061ce7566c.tar.xz
tcmu: fix crash during device removal
We currently do tcmu_free_device ->tcmu_netlink_event(TCMU_CMD_REMOVED_DEVICE) -> uio_unregister_device -> kfree(tcmu_dev). The problem is that the kernel does not wait for userspace to do the close() on the uio device before freeing the tcmu_dev. We can then hit a race where the kernel frees the tcmu_dev before userspace does close() and so when close() -> release -> tcmu_release is done, we try to access a freed tcmu_dev. This patch made over the target-pending master branch moves the freeing of the tcmu_dev to when the last reference has been dropped. This also fixes a leak where if tcmu_configure_device was not called on a device we did not free udev->name which was allocated at tcmu_alloc_device time. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'net/lapb')
0 files changed, 0 insertions, 0 deletions