* [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() [not found] <yq1y2purqt1.fsf@oracle.com> @ 2020-05-15 10:19 ` Dan Carpenter 2020-05-20 16:55 ` Christoph Hellwig 0 siblings, 1 reply; 11+ messages in thread From: Dan Carpenter @ 2020-05-15 10:19 UTC (permalink / raw) To: James Smart, linux-nvme Cc: Jens Axboe, Dick Kennedy, linux-scsi, Martin K. Petersen, James E.J. Bottomley, kernel-janitors, Paul Ely, Hannes Reinecke The "axchg" pointer is dereferenced when we call the lpfc_nvme_unsol_ls_issue_abort() function. It can't be either freed or NULL. Fixes: 3a8070c567aa ("lpfc: Refactor NVME LS receive handling") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: James Smart <james.smart@broadcom.com> --- Resending to the NVMe list. Added James' R-b. Is there a way we could update MAINTAINERS so that ./get_maintainer.pl send these to the correct list? drivers/scsi/lpfc/lpfc_sli.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c index 38889cb6e1996..fcf51b4192d66 100644 --- a/drivers/scsi/lpfc/lpfc_sli.c +++ b/drivers/scsi/lpfc/lpfc_sli.c @@ -2895,14 +2895,14 @@ lpfc_nvme_unsol_ls_handler(struct lpfc_hba *phba, struct lpfc_iocbq *piocb) (phba->nvmet_support) ? "T" : "I", ret); out_fail: - kfree(axchg); - /* recycle receive buffer */ lpfc_in_buf_free(phba, &nvmebuf->dbuf); /* If start of new exchange, abort it */ - if (fctl & FC_FC_FIRST_SEQ && !(fctl & FC_FC_EX_CTX)) + if (axchg && (fctl & FC_FC_FIRST_SEQ) && !(fctl & FC_FC_EX_CTX)) lpfc_nvme_unsol_ls_issue_abort(phba, axchg, sid, oxid); + + kfree(axchg); } /** -- 2.26.2 _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-15 10:19 ` [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() Dan Carpenter @ 2020-05-20 16:55 ` Christoph Hellwig 2020-05-20 17:24 ` Dan Carpenter 0 siblings, 1 reply; 11+ messages in thread From: Christoph Hellwig @ 2020-05-20 16:55 UTC (permalink / raw) To: Dan Carpenter Cc: Jens Axboe, Dick Kennedy, linux-scsi, Martin K. Petersen, James E.J. Bottomley, kernel-janitors, James Smart, linux-nvme, Paul Ely, Hannes Reinecke James, can you review this patch? _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-20 16:55 ` Christoph Hellwig @ 2020-05-20 17:24 ` Dan Carpenter 2020-05-20 17:28 ` Christoph Hellwig 0 siblings, 1 reply; 11+ messages in thread From: Dan Carpenter @ 2020-05-20 17:24 UTC (permalink / raw) To: Christoph Hellwig Cc: Jens Axboe, Dick Kennedy, linux-scsi, Martin K. Petersen, James E.J. Bottomley, kernel-janitors, James Smart, linux-nvme, Paul Ely, Hannes Reinecke On Wed, May 20, 2020 at 09:55:57AM -0700, Christoph Hellwig wrote: > James, can you review this patch? He already reviewed it in a different thread. I copied his R-b tag. regards, dan carpenter _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-20 17:24 ` Dan Carpenter @ 2020-05-20 17:28 ` Christoph Hellwig 2020-05-20 17:33 ` Martin K. Petersen 0 siblings, 1 reply; 11+ messages in thread From: Christoph Hellwig @ 2020-05-20 17:28 UTC (permalink / raw) To: Dan Carpenter Cc: Jens Axboe, Dick Kennedy, Martin K. Petersen, linux-scsi, James E.J. Bottomley, kernel-janitors, James Smart, linux-nvme, Christoph Hellwig, Paul Ely, Hannes Reinecke On Wed, May 20, 2020 at 08:24:33PM +0300, Dan Carpenter wrote: > On Wed, May 20, 2020 at 09:55:57AM -0700, Christoph Hellwig wrote: > > James, can you review this patch? > > He already reviewed it in a different thread. I copied his R-b tag. James, should this go into the nvme or scsi tree? _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-20 17:28 ` Christoph Hellwig @ 2020-05-20 17:33 ` Martin K. Petersen 2020-05-20 17:37 ` Christoph Hellwig 0 siblings, 1 reply; 11+ messages in thread From: Martin K. Petersen @ 2020-05-20 17:33 UTC (permalink / raw) To: Christoph Hellwig Cc: Jens Axboe, Dick Kennedy, Martin K. Petersen, linux-scsi, James E.J. Bottomley, kernel-janitors, James Smart, linux-nvme, Paul Ely, Hannes Reinecke, Dan Carpenter Christoph, > On Wed, May 20, 2020 at 08:24:33PM +0300, Dan Carpenter wrote: >> On Wed, May 20, 2020 at 09:55:57AM -0700, Christoph Hellwig wrote: >> > James, can you review this patch? >> >> He already reviewed it in a different thread. I copied his R-b tag. > > James, should this go into the nvme or scsi tree? The offending patch is in the nvme tree so I think you should take it. Otherwise I'll pick it up in 5.8/scsi-fixes. -- Martin K. Petersen Oracle Linux Engineering _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-20 17:33 ` Martin K. Petersen @ 2020-05-20 17:37 ` Christoph Hellwig 2020-05-20 17:39 ` Martin K. Petersen 0 siblings, 1 reply; 11+ messages in thread From: Christoph Hellwig @ 2020-05-20 17:37 UTC (permalink / raw) To: Martin K. Petersen Cc: Jens Axboe, Dick Kennedy, linux-scsi, James E.J. Bottomley, kernel-janitors, James Smart, linux-nvme, Christoph Hellwig, Paul Ely, Hannes Reinecke, Dan Carpenter On Wed, May 20, 2020 at 01:33:12PM -0400, Martin K. Petersen wrote: > > Christoph, > > > On Wed, May 20, 2020 at 08:24:33PM +0300, Dan Carpenter wrote: > >> On Wed, May 20, 2020 at 09:55:57AM -0700, Christoph Hellwig wrote: > >> > James, can you review this patch? > >> > >> He already reviewed it in a different thread. I copied his R-b tag. > > > > James, should this go into the nvme or scsi tree? > > The offending patch is in the nvme tree so I think you should take > it. Otherwise I'll pick it up in 5.8/scsi-fixes. I'll pick it up. Can you give me an ACK for it to show Jens you are ok with that? _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-20 17:37 ` Christoph Hellwig @ 2020-05-20 17:39 ` Martin K. Petersen 2020-05-20 17:48 ` Christoph Hellwig 0 siblings, 1 reply; 11+ messages in thread From: Martin K. Petersen @ 2020-05-20 17:39 UTC (permalink / raw) To: Christoph Hellwig Cc: Jens Axboe, Dick Kennedy, linux-scsi, Martin K. Petersen, James E.J. Bottomley, kernel-janitors, James Smart, linux-nvme, Paul Ely, Hannes Reinecke, Dan Carpenter Christoph, > I'll pick it up. Can you give me an ACK for it to show Jens you are > ok with that? Acked-by: Martin K. Petersen <martin.petersen@oracle.com> -- Martin K. Petersen Oracle Linux Engineering _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-20 17:39 ` Martin K. Petersen @ 2020-05-20 17:48 ` Christoph Hellwig 2020-05-20 17:51 ` James Smart 0 siblings, 1 reply; 11+ messages in thread From: Christoph Hellwig @ 2020-05-20 17:48 UTC (permalink / raw) To: Martin K. Petersen Cc: Jens Axboe, Dick Kennedy, linux-scsi, James E.J. Bottomley, kernel-janitors, James Smart, linux-nvme, Christoph Hellwig, Paul Ely, Hannes Reinecke, Dan Carpenter On Wed, May 20, 2020 at 01:39:55PM -0400, Martin K. Petersen wrote: > > Christoph, > > > I'll pick it up. Can you give me an ACK for it to show Jens you are > > ok with that? > > Acked-by: Martin K. Petersen <martin.petersen@oracle.com> Thanks, applied to nvme-5.8. _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-20 17:48 ` Christoph Hellwig @ 2020-05-20 17:51 ` James Smart 2020-05-20 17:57 ` Christoph Hellwig 2020-05-20 18:01 ` Dan Carpenter 0 siblings, 2 replies; 11+ messages in thread From: James Smart @ 2020-05-20 17:51 UTC (permalink / raw) To: Christoph Hellwig, Martin K. Petersen Cc: Jens Axboe, Dick Kennedy, linux-scsi, James E.J. Bottomley, kernel-janitors, linux-nvme, Paul Ely, Hannes Reinecke, Dan Carpenter On 5/20/2020 10:48 AM, Christoph Hellwig wrote: > On Wed, May 20, 2020 at 01:39:55PM -0400, Martin K. Petersen wrote: >> Christoph, >> >>> I'll pick it up. Can you give me an ACK for it to show Jens you are >>> ok with that? >> Acked-by: Martin K. Petersen <martin.petersen@oracle.com> > Thanks, > > applied to nvme-5.8. Guess you didn't see Dan's response - we had replied, and Dick rejected it. Dick has created a new patch that I'll be posting shortly. -- james _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-20 17:51 ` James Smart @ 2020-05-20 17:57 ` Christoph Hellwig 2020-05-20 18:01 ` Dan Carpenter 1 sibling, 0 replies; 11+ messages in thread From: Christoph Hellwig @ 2020-05-20 17:57 UTC (permalink / raw) To: James Smart Cc: Jens Axboe, Dick Kennedy, Martin K. Petersen, linux-scsi, James E.J. Bottomley, kernel-janitors, linux-nvme, Christoph Hellwig, Paul Ely, Hannes Reinecke, Dan Carpenter On Wed, May 20, 2020 at 10:51:48AM -0700, James Smart wrote: > On 5/20/2020 10:48 AM, Christoph Hellwig wrote: > > On Wed, May 20, 2020 at 01:39:55PM -0400, Martin K. Petersen wrote: > > > Christoph, > > > > > > > I'll pick it up. Can you give me an ACK for it to show Jens you are > > > > ok with that? > > > Acked-by: Martin K. Petersen <martin.petersen@oracle.com> > > Thanks, > > > > applied to nvme-5.8. > > Guess you didn't see Dan's response - we had replied, and Dick rejected it. > Dick has created a new patch that I'll be posting shortly. Oh well, I'll pull it again then. _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() 2020-05-20 17:51 ` James Smart 2020-05-20 17:57 ` Christoph Hellwig @ 2020-05-20 18:01 ` Dan Carpenter 1 sibling, 0 replies; 11+ messages in thread From: Dan Carpenter @ 2020-05-20 18:01 UTC (permalink / raw) To: James Smart Cc: Jens Axboe, Dick Kennedy, Martin K. Petersen, linux-scsi, James E.J. Bottomley, kernel-janitors, linux-nvme, Christoph Hellwig, Paul Ely, Hannes Reinecke On Wed, May 20, 2020 at 10:51:48AM -0700, James Smart wrote: > On 5/20/2020 10:48 AM, Christoph Hellwig wrote: > > On Wed, May 20, 2020 at 01:39:55PM -0400, Martin K. Petersen wrote: > > > Christoph, > > > > > > > I'll pick it up. Can you give me an ACK for it to show Jens you are > > > > ok with that? > > > Acked-by: Martin K. Petersen <martin.petersen@oracle.com> > > Thanks, > > > > applied to nvme-5.8. > > Guess you didn't see Dan's response - we had replied, and Dick rejected it. > Dick has created a new patch that I'll be posting shortly. Gar.... I'm sorry I have two mail boxes, one for kernel-janitors and one for my own email address. I guess his email never made it to the lists. I did get it on my other email box though. regards, dan carpenter _______________________________________________ linux-nvme mailing list linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2020-05-20 18:02 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <yq1y2purqt1.fsf@oracle.com>
2020-05-15 10:19 ` [PATCH resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() Dan Carpenter
2020-05-20 16:55 ` Christoph Hellwig
2020-05-20 17:24 ` Dan Carpenter
2020-05-20 17:28 ` Christoph Hellwig
2020-05-20 17:33 ` Martin K. Petersen
2020-05-20 17:37 ` Christoph Hellwig
2020-05-20 17:39 ` Martin K. Petersen
2020-05-20 17:48 ` Christoph Hellwig
2020-05-20 17:51 ` James Smart
2020-05-20 17:57 ` Christoph Hellwig
2020-05-20 18:01 ` Dan Carpenter
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox