ivampiresp/Spdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bdev_virtio: fix use-after-free in scsi scan_ctx

Browse Source 
Found while debugging issue #2596, unfortunately this
is not the root cause of that issue.

Signed-off-by: Jim Harris <james.r.harris@intel.com>
Change-Id: I27501e283ce7c9bf7a431e8b48842c83f80792c8
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/14165
Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Paul Luse <paul.e.luse@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Aleksey Marchuk <alexeymar@nvidia.com>
Reviewed-by: Dong Yi <dongx.yi@intel.com>
This commit is contained in:
Jim Harris 2022-08-23 20:52:48 +00:00 committed by Tomasz Zawadzki
parent 29977e8506
commit 08422b5843
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
module/bdev/virtio/bdev_virtio_scsi.c
View File

@ -805,6 +805,11 @@ bdev_virtio_poll(void *arg)
bdev_virtio_io_cpl(io[i]); bdev_virtio_io_cpl(io[i]);
} }
/* scan_ctx could have been freed while processing completions above, so
* we need to re-read the value again here into the local variable before
* using it.
*/
scan_ctx = svdev->scan_ctx;
if (spdk_unlikely(scan_ctx && scan_ctx->needs_resend)) { if (spdk_unlikely(scan_ctx && scan_ctx->needs_resend)) {
if (svdev->removed) { if (svdev->removed) {
_virtio_scsi_dev_scan_finish(scan_ctx, -EINTR); _virtio_scsi_dev_scan_finish(scan_ctx, -EINTR);