diff options
author | Mike Christie <mchristi@redhat.com> | 2017-05-17 04:34:37 -0500 |
---|---|---|
committer | Nicholas Bellinger <nab@linux-iscsi.org> | 2017-05-23 19:50:49 -0700 |
commit | f3cdbe39b2ab0636dec0d5d43b54f1061ce7566c (patch) | |
tree | 957000299919ddd60cf9159df3563d21a8ba7be7 /include/target/iscsi | |
parent | 4ff83daa0200affe1894bd33d17bac404e3d78d4 (diff) | |
download | op-kernel-dev-f3cdbe39b2ab0636dec0d5d43b54f1061ce7566c.zip op-kernel-dev-f3cdbe39b2ab0636dec0d5d43b54f1061ce7566c.tar.gz |
tcmu: fix crash during device removal
We currently do
tcmu_free_device ->tcmu_netlink_event(TCMU_CMD_REMOVED_DEVICE) ->
uio_unregister_device -> kfree(tcmu_dev).
The problem is that the kernel does not wait for userspace to
do the close() on the uio device before freeing the tcmu_dev.
We can then hit a race where the kernel frees the tcmu_dev before
userspace does close() and so when close() -> release -> tcmu_release
is done, we try to access a freed tcmu_dev.
This patch made over the target-pending master branch moves the freeing
of the tcmu_dev to when the last reference has been dropped.
This also fixes a leak where if tcmu_configure_device was not called on a
device we did not free udev->name which was allocated at tcmu_alloc_device time.
Signed-off-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'include/target/iscsi')
0 files changed, 0 insertions, 0 deletions