From patchwork Tue May 2 17:43:30 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bart Van Assche X-Patchwork-Id: 9708417 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 792B26021C for ; Tue, 2 May 2017 17:43:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6C1B82842E for ; Tue, 2 May 2017 17:43:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 60C2E284D5; Tue, 2 May 2017 17:43:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7EE3D2842E for ; Tue, 2 May 2017 17:43:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751219AbdEBRnz (ORCPT ); Tue, 2 May 2017 13:43:55 -0400 Received: from esa1.hgst.iphmx.com ([68.232.141.245]:38326 "EHLO esa1.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751064AbdEBRnw (ORCPT ); Tue, 2 May 2017 13:43:52 -0400 X-IronPort-AV: E=Sophos;i="5.38,280,1491235200"; d="scan'208";a="117269786" Received: from mail-by2nam03lp0056.outbound.protection.outlook.com (HELO NAM03-BY2-obe.outbound.protection.outlook.com) ([216.32.180.56]) by ob1.hgst.iphmx.com with ESMTP; 03 May 2017 01:43:43 +0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharedspace.onmicrosoft.com; s=selector1-sharedspace-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=WyE8dIkOGXuhSDC1BOW52xraTvjnJnVHBNabnHEMhcM=; b=T/tU3PY93NQDpKuZQP+FgvrRrLMLnrmUPh7l4w8EkIp9n+y4nhcmQFzE8OghFU1CoHx6yzTU3VlINdcWyNPZwsg5zSc8r++KOYQb3N64V+UrHLXU/01ZqKw1zrx0yN5LXFcrYXPsO0hDwZH2+UEmwcappMfWYN21Bl0RPRjI3ts= Received: from BLUPR0401CA0039.namprd04.prod.outlook.com (10.162.114.177) by BN3PR0401MB1543.namprd04.prod.outlook.com (10.163.38.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1061.12; Tue, 2 May 2017 17:43:40 +0000 Received: from CO1NAM04FT038.eop-NAM04.prod.protection.outlook.com (2a01:111:f400:7e4d::201) by BLUPR0401CA0039.outlook.office365.com (2a01:111:e400:525a::49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1061.12 via Frontend Transport; Tue, 2 May 2017 17:43:40 +0000 Authentication-Results: spf=pass (sender IP is 63.163.107.21) smtp.mailfrom=sandisk.com; oracle.com; dkim=none (message not signed) header.d=none;oracle.com; dmarc=bestguesspass action=none header.from=sandisk.com; Received-SPF: Pass (protection.outlook.com: domain of sandisk.com designates 63.163.107.21 as permitted sender) receiver=protection.outlook.com; client-ip=63.163.107.21; helo=milsmgep15.sandisk.com; Received: from milsmgep15.sandisk.com (63.163.107.21) by CO1NAM04FT038.mail.protection.outlook.com (10.152.91.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1047.9 via Frontend Transport; Tue, 2 May 2017 17:43:39 +0000 Received: from MILHUBIP03.sdcorp.global.sandisk.com (Unknown_Domain [10.201.67.162]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 64.2F.29323.845C8095; Tue, 2 May 2017 10:43:38 -0700 (PDT) Received: from milsmgip11.sandisk.com (10.177.8.100) by MILHUBIP03.sdcorp.global.sandisk.com (10.177.9.96) with Microsoft SMTP Server id 14.3.319.2; Tue, 2 May 2017 10:43:36 -0700 X-AuditID: 0ac94369-1c3ff7000000728b-fe-5908c548fedd Received: from exp-402881.sdcorp.global.sandisk.com ( [10.177.8.100]) by (Symantec Messaging Gateway) with SMTP id 30.65.11415.245C8095; Tue, 2 May 2017 10:43:32 -0700 (PDT) From: Bart Van Assche To: "Martin K . Petersen" , James Bottomley CC: , Bart Van Assche , Scott Bauer , "Christoph Hellwig" , Jan Kara , Hannes Reinecke , Subject: [PATCH] Avoid that scsi_exit_rq() triggers a use-after-free Date: Tue, 2 May 2017 10:43:30 -0700 Message-ID: <20170502174330.13146-1-bart.vanassche@sandisk.com> X-Mailer: git-send-email 2.12.2 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrELMWRmVeSWpSXmKPExsXCddJ5ka7XUY5Igx3XlCwWvNnLZrFy9VEm i9nTm5ksNvZzWHRf38Fmsfz4PyaLl/OusFss2PiI0YHDY9qkU2wei/e8ZPLYfbOBzePj01ss Huu3XGXxOLPgCLvH501yAexRXDYpqTmZZalF+nYJXBnLmw6xFPxTrGi88ompgfGfTBcjJ4eE gInEtEer2bsYuTiEBJYySbxq/Q3lbGeUuLl9PxtM1d6zPYwQic2MEo+nbmMGSbAJGEl8ez+T BcQWESiUuLStA6yIWeAto8S8HT1MIAlhAReJ1kMPwWwWARWJC0vWgTXzCthLHJy1nRVig7zE 2S07mUGaJQTmsUo8f7KLHaJIUOLkzCdgG5gFJCQOvngB1iwkoC5xcsl8pgmMArOQlM1CUraA kWkVo1huZk5xbnpqgaGpXnFiXkpmcbZecn7uJkZIyGfuYLz7xPsQowAHoxIPr8Vkjkgh1sSy 4srcQ4wSHMxKIryem4FCvCmJlVWpRfnxRaU5qcWHGKU5WJTEec/JTI0QEkhPLEnNTk0tSC2C yTJxcEo1MPZne386WTBvIoPpgvWcqgaXWxMyj83b0B+wiWGP0bvs98sPdX+ZEPQznXOm4GqV TT4GLIdaQu/tNn148h77UalX/zy6Hlj/fh67hfn/keV2PCJy84Qe/1i36N2VuQHbo8QT5nKV Nb1h+Hrx4htBnr/rGA0VHlbvv3z93KO6VdO1ZntPO+Oh+/uZEktxRqKhFnNRcSIAB2POZXUC AAA= X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrPJMWRmVeSWpSXmKPExsXCtZEjRdf1KEekwVIxi4M/2xgtFrzZy2ax cvVRJovZ05uZLDb2c1h0X9/BZrH8+D8mi5fzrrBbLNj4iNGB02PapFNsHov3vGTy2H2zgc3j 49NbLB7T1pxn8li/5SqLx5kFR9g9Pm+SC+CI4rJJSc3JLEst0rdL4MpY3nSIpeCfYkXjlU9M DYz/ZLoYOTkkBEwk9p7tYexi5OIQEtjIKHHo41VmkASbgJHEt/czWUBsEYFCifunT7OB2MwC 7xklzu/RA7GFBVwkWg89ZAKxWQRUJb7OvAZm8wrYS9w9v5kVYoG8xNktO5knMHIuYGRYxSiW m5lTnJueWWBoqFecmJeSWZytl5yfu4kRHCSckTsYn040P8TIxMEp1cC4bt0ZpwUiU9KF4zZv i15w7/i27KNxjxat95vJ/8pr0qTbi/lPvSz8YqP3fnXEdb7vJb7H/zLu83ihPKGa9ci7SraM /cdil8kbCSqvrhH5s6PJq39Gk6TjW9usymVr2jusbTsP3l58MkEps3Kr88UTt+Vf5l5yK8rY 3all+Hzpz3OX5txzueI1SYmlOCPRUIu5qDgRAIJ7QPrCAQAA MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:63.163.107.21; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(39450400003)(39410400002)(39850400002)(39400400002)(39860400002)(39840400002)(2980300002)(438002)(199003)(189002)(9170700003)(5890100001)(8936002)(1076002)(5003940100001)(50226002)(47776003)(86362001)(8676002)(81166006)(230783001)(575784001)(36756003)(189998001)(53936002)(356003)(2906002)(50466002)(48376002)(33646002)(4326008)(50986999)(5660300001)(478600001)(54906002)(305945005)(38730400002)(77096006); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0401MB1543; H:milsmgep15.sandisk.com; FPR:; SPF:Pass; MLV:sfv; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; CO1NAM04FT038; 1:zhadLD2CuPk+6Wsg2VwhPbTWberk9w0b0J7wC/kX4BDPVMOIdZiNvc6RC6EPc6WE6vE0JvS1l6huAgXJoqxdK395JO688dNEvIijccN4sZbMwlfIQaKcpLgmP048vl4KPdMPh4WATVf5fQ5ZekSz73kS79z6MSBD6zYZCU4A/r8HbPE7eAi6qFYJRFXmYdnCbjD0rQsDOfqjK4XChNhTEIYQdOUe65u0u9g9czCalrH0MzSHE1sIN4YECxZ8GKbrHdFaLKWp+MyuPBx+Zso9x4vvW88uA2c3+EmzGYYiTtL2zxSUW0xjPUTCMYzReCrWclX+e3V9J+W/T8EUl3AlgzpmAR3lwOzLOv8/OVmtrJw36E2oITdB2tLz3L9x434g/iP9unrwYoCGyVWApDEHvYPx2NgpmDCTAQYi+ahTK26bd1doTZW/gAILZvjqJp/aSyS2FvwnlQv20q6/8HXcNUU9wN5k/cL5zxqrOZT4Zm1daNYBkICxSlffogwX2Rnb0oTSgA0fjcip9a2u4XkUiv4lsEe9tS6lHkAHmhx5dYs= X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 53b63d9b-ebc2-4979-b327-08d49182c4e0 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(8251501002)(2017030254075)(201703131423075)(201703031133081); SRVR:BN3PR0401MB1543; X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1543; 3:yg+aByGvgHmKawpUCTaqQ+BqJPwz6S9KNNmzZUHj6rxG+3y8mJ5M35iXlSSCKm7/ZL7GW6YqhH1tZqETQN8z/lfyrdoqW2zazaHpNVDFqYLN61TJr6ZaSx3no8/z2dhF02+heRng6vCX+tzFbVDsBE5NOv6NtIKlcQaoLVG1EukC1rZan+ZT8/I2a4gucuiGbulbQ90WcR0UiluJ6KvhXhODGJsqSw5iv0h7Kt0K2bVMK16u9La0OM5HuPJA+miLQ5JC/621niVzn5C7lzardNv1xXZoOMBKWd1OQlTO9HlMuBcwfHe/FEFu3LRTIByZ8hTTnhL4am+iqvvZSF728TWhZEWnm32lS5X3xx5kFMTSdFQm7Ggc5UwyzhBnTW69QplYRAWJesR4f90u3j99rKrVm1mR2IGrfp4rFl+TUXEBHnW1iw2HuBynusYZtJK/n/IRqOAPGAPK203xL91uWWKpQymMJvfeQdWf3YMuOR7/rcTzezvjGnZTELnH8MlB X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1543; 25:0voHlms24pV73d7u/v3rG0kzIuAARPIrBzOOqXd0WwKOdNsNypKCBMgMTNWJph2DMZ4LbU3AS7mYbGWXlxvwCKpSLp2XFn/P2T8OgsSQBPgYHI+SJUuRhf+2YA8YQQwoUaaPxWEEbdeFdqCOfhHBKySMWPgV1jSeJqn/5sKBl4dokI/JR8R9N0WfEjvT5TZlC9ErahrWw+jSz9SawcPk2Vgdcy31LJX5If+i1s0DYIbsK2u/9nCETeHWyFyC+ExgnauWRvTw9D19v8YZWj11qVifSx0cr5s0zZMf6ZORw0zlywZLnMxGOTZAQ2gn/IUL3sGWqIMgRP3oYmiRvc26xmJXfe+2Xix55opt8mwP2o028UQqSgZzNCxtjJYqYKrFl6s4Akf6RzzO0rfLlYOrpSxLlA5+gsMuWRhAaEtXOwHRD1gM1fAA2ypHtnDmZIk8hQg0+bLOXfCC2tipSCnh4w==; 31:ew+uY0fiBSW97Mqg8ijp5Zqx90SmdIRTHWORhqyh4c5B0smcZRjU/Vs7DyyvWqaqbcjD69310g7AwE1t16hmHzWpL5hcIeBnvcTqfXTI8L8qGDXwDZuoS0YO9R0WWzi7oA/RU1jRrzYqi3djrK52YM76R6evHl6lUWntdjbsdesUzJ8SnIsHGbtBBH9LC3Lvz/sKvzRT0SEWojQCC+q+ixDTitVvEvqAM5gWbv/G4ar68wkrDWI8IOXPWFK8/beotEKLFQRwJoIt6wDXayR9EJa1zv3HTpDQoEirF5f0+vs= WDCIPOUTBOUND: EOP-TRUE X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1543; 20:P2LUCfW/+b4WD/2Ab+eQoBfD0mnZjkK34fboP4IEzYDt8GNNIebb3BZIvdpmhAs0/EIvuUB+zVWXB+6tK5hq7NLKzzjt5Wr+Rde+3Fon4x/ji9iQOQ48fKYpRZCm9VfzFqA38vwpwY4ouwqV3pyKHs2kFKRy+foQeOd9KkQ6etBQmqFeyIJ1SxHt8yjHEsoYIa/121qEOcZ7vfAju9JeRbFRok5fp2dK8nMZ66vHR0rr9jVDGuZOO399GAIDuodExcFI7UbqfDq2tn54nYOEKn1+AoBZmxYVsCwG5RgzwVb7YEzUc3ersah/vidT9hYvUApPSJ4EhAwsNZkfJS/USSy6r/ZQXYxecCF882ItnZrA7kTjQWdy+obRp4mXvlhTWS8s88/D0ojpOge/yjYh7Qhc0M0L3ByUdUsVBe4f5LFOoJU2gTf13sdiYJtxjx4pSLLhYo6585A9HxSSBmzdBXSZNuOgPWr+6Bm0EqdcC0SrPGIDWKxgLn0DYjgqsqht X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(42932892334569)(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(13016025)(5005006)(8121501046)(13018025)(10201501046)(3002001)(93006095)(93004095)(6055026)(6041248)(20161123560025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123558100)(6072148); SRVR:BN3PR0401MB1543; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0401MB1543; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN3PR0401MB1543; 4:aX4ludR9AhjQSzi7XW7sP4tyu1Ly5paYqMqi+HKi?= =?us-ascii?Q?bFpOl3PUT1Twr245SwEqQxSDi3S1GKuEw5yGbHlPIWODNKFWG6mHLQWJcAtp?= =?us-ascii?Q?ZG8BFs+E6TfYtgwijW7r4MtOXCUuIixsyLcuyP3j65t0RuKfosrtHeAELnAS?= =?us-ascii?Q?rg6dFstaRS7n684cUBYh6dZlKizUdTb+n8Ff2bNouA2Jp2fd65X4Uo9gVMxV?= =?us-ascii?Q?t/zmwjzU72yy1QczvHYv0zxIQBnLdxSyzhocUiFnzjyPyT/rPoCkbxMqyuPA?= =?us-ascii?Q?PCmgnGzf94xgdqYLRprYYsvZBkOxak7C4dINHLTP+m055WCNiK0en99c50Jr?= =?us-ascii?Q?Q8L1BDrg6M/2LGCpnyzgEuM5+VCuTtrYk8IGZPsGS5q3/wZunwDrwqgE5ubg?= =?us-ascii?Q?U/Kixs2i6sqdhXIrgRwF99VgkymXzQdK4q/FLLZqIRfTTH3tZbDElOr8JnoJ?= =?us-ascii?Q?DtsQEaeiv2AYWUI2oH+lAeNwBID3JRy3nBQgiCkWg1yGRFmj6Aux/EvbQZFX?= =?us-ascii?Q?NsjS9wpDhthH2jY3qG4aXXYa3pTLp023CKnuqo0tNxqJUotjb6c4qqjHPk7N?= =?us-ascii?Q?HDWH+MelVVkXeLxqUmYYdrqh4y66RxJvV+Yvz3Xdl5iZ3mJAsol5ZYHnymWc?= =?us-ascii?Q?bjdSn/VU2M4UmEQBA4+XT86UKXSlQxqmn+rIZ5f5I/HCChHpdwr9Zy1Js9EU?= =?us-ascii?Q?a2zGq35YBY8GaZdxzCy93Fpv2eVBikHQiGG+Vz5VLUMgY2zmtH7fx0BdKAaX?= =?us-ascii?Q?R7fyXMGOObjMa7kFb8MaY5ZQkzuuRl1G0bDTZCTmTH3KL6dxzHo3ra3Q+KG0?= =?us-ascii?Q?vHYRrP/b/bYpcPjTH6B2m7T0REfOb2Rv1TgrIwrzyucE/1reLf1DrqWgijpp?= =?us-ascii?Q?4JjNorv0DrJiKP88vjmgEZEh1qiond2FowztTG7nrc1Kl+aRtB1vOQEp1g5w?= =?us-ascii?Q?0xP023kYFOtTkyLM+hXgKuENyPghOelBUSQZ7z7qOg=3D=3D?= X-Forefront-PRVS: 02951C14DC X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN3PR0401MB1543; 23:Iohv8NEEgUoOX61E6qhd8O3aXzZrA70Wt+N8w69?= =?us-ascii?Q?EsdH281LKv2NW1kzyHjolmBP1OblEchugi1KAvL1oYpkHcM5h1I1jXF9/OLI?= =?us-ascii?Q?eecAD/5VkAJh57zodTh1ilQ5aOO8ro35XGQ0VUxdXNBOge0HyhyptoyG211Q?= =?us-ascii?Q?AhfSxSJUgwTkAKat2aspHlNXA4GQO/T+j+mzjdkvOzLgUKkDW7IsKPhDLbFc?= =?us-ascii?Q?90jU8xoRpv5sPGQicnfoAUnKJN3EOD366QnCSeVBZH4AmgprvqrsOCq2fJHO?= =?us-ascii?Q?O8Fh2vpPTLA1HTW3YtwGR8Zveha+qEyve8s+9VmmAK9WNRqd6DhOdz5vWk/h?= =?us-ascii?Q?wo4ceR19xDTlj5ZM3vj3RJM7cQ7YnbCT4dPR6hfFvMLWI3KKZsiyQGvvDy4L?= =?us-ascii?Q?uGK4oObxJVkrf0pNB1or/ygjnHdcdur77BhTDp5ZYDbJ1lWZcJmInxvgFs6f?= =?us-ascii?Q?maMOzF8hJHXDTovQXbp+mtnoAsu9Pw27FHBgCy9R2Jh48yDSiKw/4QsJm5MF?= =?us-ascii?Q?+qUcwcQ5rMkvpHFOQ4ITe8v/GoC16bbVajfJx6kD+YV3V3k+SX/CzQDi9xqF?= =?us-ascii?Q?f7jSFHlcdKfXeQSyJ/HBtVFKakBTkDspIF3CLm6U+FrvFofOMd/KITkJj4HC?= =?us-ascii?Q?Ep07Toru8oQwF4offzKSGgCtAtN9g9k6k6wk9IcBwc0hIxv9L6NzKeypQo8C?= =?us-ascii?Q?lqxpq32euvXLv18vIfntU0P9hTZ9odQNrkq69SKVmuBkHid0aI2z4ubfb4VH?= =?us-ascii?Q?l0la5jYGA/AZ/tQhVVAKV+kU5r5v3VJqPnzKGuODo3LsBxQl6aYV0XFD5iQN?= =?us-ascii?Q?MU7YzTyor+erKrdQ9+eDwqnHpSHusyZUcrAfvA1nZOH5/bEkPShlBzXy8V27?= =?us-ascii?Q?cDZIn7X3yVaaWIjI+D4HaAvMKMFwVLYNO17L2TtH6BqVDsA/36FB7qRZpIMj?= =?us-ascii?Q?FDxtWLsuGvSgJ8BNRL94NcRxipOjBK62TCm2hRGcsLUTDY+lc1MYV5VPFhrH?= =?us-ascii?Q?JusDtNR/Fq5oFeRg+JybDI7At?= X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1543; 6:aQNtkdF5WlEO7nrwzJ9nAubT9/u9CxKFys+X45QsbGX8V/xIxYsofdyr8O/FiF7DpZYiitf5biMj+2i7UGEi9wxNeBpI4qVerRt3m3IAa0Q4LByUQ67IKcEIy4yU9mEslMn0bGQsDf0TCinuXHU8vmVrea9NAOj4xZCvXaWfqKeSTtuzOJaBd8evLJQHukrIytVcC+y95IahvsfFbfQc66JLk2Bh9derxAZSHWw1uMDZTlMxYdXa+aO6I+UvuXsij8nmSoQwiGXoKVruF94zmk2tRantV5PEFAJrTCL1qiJqmS9RaN3fwumvW/2+LXXVEai1npKdbwuPaRJpAZEz1vUsE80ZMO6j8bzUlC8m+JK7mO37R97+R87ApsdSYzT8NwiOGDiQqFnGcYpYpFtB+ZubSWXzr9PGV1CMSn59yqofFfmEo3CFyORvSrulAieGKDGMymVHIsMfFo8ygN4NJob0zArmNN7ggyanefANBfpeHGv1Jwv95EScsoTojeiPwXrkXXEhYU24WoNzbg1OGrlvY+vmT7/HNw2nXWE//+o=; 5:rgNyqBmnN8fBtETlZo5p1JuGvtWLIbcfBH7MAsazYh+lsknwEYBFOa7epUOiFMaS/wxcAgLzcMHif5pZlHl3ZlNn3a36l1Xo4zMC8u6RMJhQ8h2PkdkHMKimdyHb93S+y8E+gz3RfAgI42h0oXk79w==; 24:OJM5Pu0F6i2m3EWnDgAXsxHHMoa3zMKqFdmZT1VXc9ErEre1/iiKB3ATs58fIjjBsgW5KacsNUnTuu0hYufizU94r5tK/TUDumY0EGW7eOs= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1543; 7:tvMrKgUo7vIW+bImkAYSeEMmmobhCaX/x7GUpU5cZ8Rb2Llzj6gI9Z2X6rFO1x0nkmw/EyKJf6oIJ7sDWUP17u/SJpUjuG7H5FI9h/OcSONhx50w9wDbnds9ccBAR1ST4fnjqR9FXYQuR+S9G4avuTXyr6v5/eHRyoTnW1UUWJ0u7muipKAluGDGoBx0Fy3KQf/psXA6zi2OtqcRlidvfhTBzhM6McwSlS2ugXOFVUobgxS7V5PqgVZnagwMENilvxZyRbAzZGEE6lM/5b87eOilRYR5UFGcwVKxhhMTJv/sKGjskX9wJDKui4lBB5nJy5MUEwusowv5BW/bFiHvRQ==; 20:xVJSw/hU61E82T/nu+1pchIjhBO/v3WUttn2fg+OChvrc/mSLzOIgS3ETNcZc/yCm3Ee4aAJHQvfrBQ4E5lfjADJDk1g6IwqHRuiv9nA9x8EKBI0fAB0gdiyqtimGw8D65ySg8ZiH3+JS4znSnJIFaKd+Oa+coBUOiTZSiE3bac= X-OriginatorOrg: sandisk.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 May 2017 17:43:39.0274 (UTC) X-MS-Exchange-CrossTenant-Id: b61c8803-16f3-4c35-9b17-6f65f441df86 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b61c8803-16f3-4c35-9b17-6f65f441df86; Ip=[63.163.107.21]; Helo=[milsmgep15.sandisk.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0401MB1543 Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This patch fixes the following KASAN complaint: ================================================================== BUG: KASAN: use-after-free in scsi_exit_rq+0xf3/0x120 at addr ffff8802b7fedf00 Read of size 1 by task rcuos/5/53 CPU: 7 PID: 53 Comm: rcuos/6 Not tainted 4.11.0-rc5+ #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0 ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014 Call Trace: dump_stack+0x63/0x8f kasan_object_err+0x21/0x70 kasan_report.part.1+0x231/0x500 __asan_report_load1_noabort+0x2e/0x30 scsi_exit_rq+0xf3/0x120 free_request_size+0x44/0x60 mempool_destroy.part.6+0x9b/0x150 mempool_destroy+0x13/0x20 blk_exit_rl+0x36/0x40 blkg_free+0x146/0x200 __blkg_release_rcu+0x121/0x220 rcu_nocb_kthread+0x61f/0xca0 kthread+0x298/0x390 ret_from_fork+0x2c/0x40 Object at ffff8802b7fedd80, in cache kmalloc-2048 size: 2048 Allocated: PID = 3992 save_stack_trace+0x1b/0x20 save_stack+0x46/0xd0 kasan_kmalloc+0xad/0xe0 __kmalloc+0x134/0x220 scsi_host_alloc+0x6b/0x11c0 0xffffffffc101d94a driver_probe_device+0x49e/0xc60 __device_attach_driver+0x1d3/0x2a0 bus_for_each_drv+0x11a/0x1d0 __device_attach+0x1e1/0x2c0 device_initial_probe+0x13/0x20 bus_probe_device+0x19b/0x240 device_add+0x86d/0x1450 device_register+0x1a/0x20 0xffffffffc10270ce 0xffffffffc1048a62 do_one_initcall+0xa7/0x250 do_init_module+0x1d0/0x55d load_module+0x7c9f/0x9850 SYSC_finit_module+0x189/0x1c0 SyS_finit_module+0xe/0x10 entry_SYSCALL_64_fastpath+0x1a/0xa9 Freed: PID = 4128 save_stack_trace+0x1b/0x20 save_stack+0x46/0xd0 kasan_slab_free+0x71/0xb0 kfree+0x8d/0x1b0 scsi_host_dev_release+0x2cb/0x430 device_release+0x76/0x1e0 kobject_release+0x107/0x370 kobject_put+0x56/0xb0 put_device+0x17/0x20 scsi_host_put+0x15/0x20 0xffffffffc101fcd7 device_release_driver_internal+0x26a/0x4e0 device_release_driver+0x12/0x20 bus_remove_device+0x2d0/0x590 device_del+0x55b/0x920 device_unregister+0x1a/0xa0 0xffffffffc101e0ca 0xffffffffc102fccc SyS_delete_module+0x334/0x3e0 entry_SYSCALL_64_fastpath+0x1a/0xa9 Memory state around the buggy address: ffff8802b7fede00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8802b7fede80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8802b7fedf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8802b7fedf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8802b7fee000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Reported-by: Scott Bauer Fixes: e9c787e65c0c ("scsi: allocate scsi_cmnd structures as part of struct request") Signed-off-by: Bart Van Assche Cc: Scott Bauer Cc: Christoph Hellwig Cc: Jan Kara Cc: Hannes Reinecke Cc: --- drivers/scsi/scsi_lib.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 15c9fe766071..d698364df072 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -2095,11 +2095,14 @@ static int scsi_init_rq(struct request_queue *q, struct request *rq, gfp_t gfp) struct Scsi_Host *shost = q->rq_alloc_data; struct scsi_cmnd *cmd = blk_mq_rq_to_pdu(rq); + if (!scsi_host_get(shost)) + goto fail; + memset(cmd, 0, sizeof(*cmd)); cmd->sense_buffer = scsi_alloc_sense_buffer(shost, gfp, NUMA_NO_NODE); if (!cmd->sense_buffer) - goto fail; + goto put; cmd->req.sense = cmd->sense_buffer; if (scsi_host_get_prot(shost) >= SHOST_DIX_TYPE0_PROTECTION) { @@ -2112,6 +2115,8 @@ static int scsi_init_rq(struct request_queue *q, struct request *rq, gfp_t gfp) fail_free_sense: scsi_free_sense_buffer(shost, cmd->sense_buffer); +put: + scsi_host_put(shost); fail: return -ENOMEM; } @@ -2124,6 +2129,7 @@ static void scsi_exit_rq(struct request_queue *q, struct request *rq) if (cmd->prot_sdb) kmem_cache_free(scsi_sdb_cache, cmd->prot_sdb); scsi_free_sense_buffer(shost, cmd->sense_buffer); + scsi_host_put(shost); } struct request_queue *scsi_alloc_queue(struct scsi_device *sdev)