lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Sep 2022 14:29:37 +0300 From: Sagi Grimberg <sagi@...mberg.me> To: zhenwei pi <pizhenwei@...edance.com>, hch@....de Cc: kch@...dia.com, linux-nvme@...ts.infradead.org, linux-kernel@...r.kernel.org, fmdefrancesco@...il.com Subject: Re: [PATCH v4 1/1] nvmet-tcp: Fix NULL pointer dereference during release > nvmet-tcp frees CMD buffers in nvmet_tcp_uninit_data_in_cmds(), > and waits the inflight IO requests in nvmet_sq_destroy(). During wait > the inflight IO requests, the callback nvmet_tcp_queue_response() > is called from backend after IO complete, this leads a typical > Use-After-Free issue like this: Would it be possible to resend this patch rebased on top of nvme-6.1?
Powered by blists - more mailing lists