git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ewan D. Milne <emilne@redhat.com>
	Thu, 17 Jan 2019 16:14:44 +0000 (11:14 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 5 Mar 2019 16:59:40 +0000 (17:59 +0100)
commit	9aaa706c5da8b619d279cc57ef4b4c7ec9fb49ec
tree	32c6b6d6312019aec91eefffe472402aef78ab2a	tree
parent	38544660bd4569c64f2486d112427c629a7ab115	commit \| diff

scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport

[ Upstream commit 7961cba6f7d8215fa632df3d220e5154bb825249 ]

We cannot wait on a completion object in the lpfc_nvme_lport structure in
the _destroy_localport() code path because the NVMe/fc transport will free
that structure immediately after the .localport_delete() callback. This
results in a use-after-free, and a hang if slub_debug=FZPU is enabled.

Fix this by putting the completion on the stack.

Signed-off-by: Ewan D. Milne <emilne@redhat.com>
Acked-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/scsi/lpfc/lpfc_nvme.c		diff \| blob \| blame \| history
drivers/scsi/lpfc/lpfc_nvme.h		diff \| blob \| blame \| history