| Message ID | 20200515101903.GJ3041@kadam (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [resend] scsi: lpfc: Fix a use after free in lpfc_nvme_unsol_ls_handler() | expand |
James, can you review this patch?
On Wed, May 20, 2020 at 09:55:57AM -0700, Christoph Hellwig wrote:
> James, can you review this patch?
He already reviewed it in a different thread. I copied his R-b tag.
regards,
dan carpenter
On Wed, May 20, 2020 at 08:24:33PM +0300, Dan Carpenter wrote: > On Wed, May 20, 2020 at 09:55:57AM -0700, Christoph Hellwig wrote: > > James, can you review this patch? > > He already reviewed it in a different thread. I copied his R-b tag. James, should this go into the nvme or scsi tree?
Christoph, > On Wed, May 20, 2020 at 08:24:33PM +0300, Dan Carpenter wrote: >> On Wed, May 20, 2020 at 09:55:57AM -0700, Christoph Hellwig wrote: >> > James, can you review this patch? >> >> He already reviewed it in a different thread. I copied his R-b tag. > > James, should this go into the nvme or scsi tree? The offending patch is in the nvme tree so I think you should take it. Otherwise I'll pick it up in 5.8/scsi-fixes.
On Wed, May 20, 2020 at 01:33:12PM -0400, Martin K. Petersen wrote: > > Christoph, > > > On Wed, May 20, 2020 at 08:24:33PM +0300, Dan Carpenter wrote: > >> On Wed, May 20, 2020 at 09:55:57AM -0700, Christoph Hellwig wrote: > >> > James, can you review this patch? > >> > >> He already reviewed it in a different thread. I copied his R-b tag. > > > > James, should this go into the nvme or scsi tree? > > The offending patch is in the nvme tree so I think you should take > it. Otherwise I'll pick it up in 5.8/scsi-fixes. I'll pick it up. Can you give me an ACK for it to show Jens you are ok with that?
Christoph, > I'll pick it up. Can you give me an ACK for it to show Jens you are > ok with that? Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
On Wed, May 20, 2020 at 01:39:55PM -0400, Martin K. Petersen wrote: > > Christoph, > > > I'll pick it up. Can you give me an ACK for it to show Jens you are > > ok with that? > > Acked-by: Martin K. Petersen <martin.petersen@oracle.com> Thanks, applied to nvme-5.8.
On 5/20/2020 10:48 AM, Christoph Hellwig wrote: > On Wed, May 20, 2020 at 01:39:55PM -0400, Martin K. Petersen wrote: >> Christoph, >> >>> I'll pick it up. Can you give me an ACK for it to show Jens you are >>> ok with that? >> Acked-by: Martin K. Petersen <martin.petersen@oracle.com> > Thanks, > > applied to nvme-5.8. Guess you didn't see Dan's response - we had replied, and Dick rejected it. Dick has created a new patch that I'll be posting shortly. -- james
On Wed, May 20, 2020 at 10:51:48AM -0700, James Smart wrote: > On 5/20/2020 10:48 AM, Christoph Hellwig wrote: > > On Wed, May 20, 2020 at 01:39:55PM -0400, Martin K. Petersen wrote: > > > Christoph, > > > > > > > I'll pick it up. Can you give me an ACK for it to show Jens you are > > > > ok with that? > > > Acked-by: Martin K. Petersen <martin.petersen@oracle.com> > > Thanks, > > > > applied to nvme-5.8. > > Guess you didn't see Dan's response - we had replied, and Dick rejected it. > Dick has created a new patch that I'll be posting shortly. Oh well, I'll pull it again then.
On Wed, May 20, 2020 at 10:51:48AM -0700, James Smart wrote: > On 5/20/2020 10:48 AM, Christoph Hellwig wrote: > > On Wed, May 20, 2020 at 01:39:55PM -0400, Martin K. Petersen wrote: > > > Christoph, > > > > > > > I'll pick it up. Can you give me an ACK for it to show Jens you are > > > > ok with that? > > > Acked-by: Martin K. Petersen <martin.petersen@oracle.com> > > Thanks, > > > > applied to nvme-5.8. > > Guess you didn't see Dan's response - we had replied, and Dick rejected it. > Dick has created a new patch that I'll be posting shortly. Gar.... I'm sorry I have two mail boxes, one for kernel-janitors and one for my own email address. I guess his email never made it to the lists. I did get it on my other email box though. regards, dan carpenter
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c index 38889cb6e1996..fcf51b4192d66 100644 --- a/drivers/scsi/lpfc/lpfc_sli.c +++ b/drivers/scsi/lpfc/lpfc_sli.c @@ -2895,14 +2895,14 @@ lpfc_nvme_unsol_ls_handler(struct lpfc_hba *phba, struct lpfc_iocbq *piocb) (phba->nvmet_support) ? "T" : "I", ret); out_fail: - kfree(axchg); - /* recycle receive buffer */ lpfc_in_buf_free(phba, &nvmebuf->dbuf); /* If start of new exchange, abort it */ - if (fctl & FC_FC_FIRST_SEQ && !(fctl & FC_FC_EX_CTX)) + if (axchg && (fctl & FC_FC_FIRST_SEQ) && !(fctl & FC_FC_EX_CTX)) lpfc_nvme_unsol_ls_issue_abort(phba, axchg, sid, oxid); + + kfree(axchg); } /**
The "axchg" pointer is dereferenced when we call the lpfc_nvme_unsol_ls_issue_abort() function. It can't be either freed or NULL. Fixes: 3a8070c567aa ("lpfc: Refactor NVME LS receive handling") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: James Smart <james.smart@broadcom.com> --- Resending to the NVMe list. Added James' R-b. Is there a way we could update MAINTAINERS so that ./get_maintainer.pl send these to the correct list? drivers/scsi/lpfc/lpfc_sli.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)