evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/target
History
Andy Grover e321f384d8 target/user: Fix use-after-free of tcmu_cmds if they are expired 
commit d0905ca757bc40bd1ebc261a448a521b064777d7 upstream.

Don't free the cmd in tcmu_check_expired_cmd, it's still referenced by
an entry in our cmd_id->cmd idr. If userspace ever resumes processing,
tcmu_handle_completions() will use the now-invalid cmd pointer.

Instead, don't free cmd. It will be freed by tcmu_handle_completion() if
userspace ever recovers, or tcmu_free_device if not.

Reported-by: Bryant G Ly <bgly@us.ibm.com>
Tested-by: Bryant G Ly <bgly@us.ibm.com>
Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-01-09 08:07:53 +01:00
..
iscsi target: Fix race between iscsi-target connection shutdown + ABORT_TASK 2016-08-20 18:09:26 +02:00
loopback SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
sbp target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
tcm_fc target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
Kconfig
Makefile
target_core_alua.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_alua.h
target_core_configfs.c target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
target_core_device.c target: Fix max_unmap_lba_count calc overflow 2016-08-20 18:09:26 +02:00
target_core_fabric_configfs.c target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
target_core_fabric_lib.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_file.c target: Fix max_unmap_lba_count calc overflow 2016-08-20 18:09:26 +02:00
target_core_file.h
target_core_hba.c target: Fix target_sense_desc_format NULL pointer dereference 2015-09-24 23:17:23 -07:00
target_core_iblock.c target: Fix max_unmap_lba_count calc overflow 2016-08-20 18:09:26 +02:00
target_core_iblock.h
target_core_internal.h target: Fix ordered task target_setup_cmd_from_cdb exception hang 2016-08-20 18:09:26 +02:00
target_core_pr.c target: Fix PR registration + APTPL RCU conversion regression 2015-09-24 23:17:07 -07:00
target_core_pr.h
target_core_pscsi.c block: add a bi_error field to struct bio 2015-07-29 08:55:15 -06:00
target_core_pscsi.h
target_core_rd.c Merge branch 'for-4.3/sg' of git://git.kernel.dk/linux-block 2015-09-02 13:22:38 -07:00
target_core_rd.h
target_core_sbc.c target: Fix ordered task target_setup_cmd_from_cdb exception hang 2016-08-20 18:09:26 +02:00
target_core_spc.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-09-11 19:00:42 -07:00
target_core_stat.c target/stat: print full t10_wwn.model buffer 2015-11-28 21:23:13 -08:00
target_core_tmr.c target: Drop incorrect ABORT_TASK put for completed commands 2016-03-16 08:43:01 -07:00
target_core_tpg.c target: Propigate backend read-only to core_tpg_add_lun 2015-09-24 23:17:21 -07:00
target_core_transport.c target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE 2016-10-28 03:01:36 -04:00
target_core_ua.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_ua.h
target_core_user.c target/user: Fix use-after-free of tcmu_cmds if they are expired 2017-01-09 08:07:53 +01:00
target_core_xcopy.c target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code 2016-10-28 03:01:36 -04:00
target_core_xcopy.h