github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 14:04:54 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
82327823f3
linux/drivers
History
Israel Rukshin 82327823f3 nvmet-tcp: fix use-after-free when a port is removed 
[ Upstream commit 2351ead99c ]

When removing a port, all its controllers are being removed, but there
are queues on the port that doesn't belong to any controller (during
connection time). This causes a use-after-free bug for any command
that dereferences req->port (like in nvmet_alloc_ctrl). Those queues
should be destroyed before freeing the port via configfs. Destroy
the remaining queues after the accept_work was cancelled guarantees
that no new queue will be created.

Signed-off-by: Israel Rukshin <israelr@nvidia.com>
Reviewed-by: Max Gurtovoy <mgurtovoy@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-18 14:03:59 +01:00
..
accessibility
acpi ACPI: battery: Accept charges over the design capacity as full 2021-11-18 14:03:57 +01:00
amba ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" 2021-11-06 14:10:09 +01:00
android binder: use cred instead of task for getsecid 2021-11-18 14:03:36 +01:00
ata libata: fix checking of DMA state 2021-11-18 14:03:46 +01:00
atm atm: nicstar: register the interrupt handler in the right place 2021-07-19 09:44:52 +02:00
auxdisplay
base PM: sleep: Do not let "syscore" devices runtime-suspend during system transitions 2021-11-18 14:03:46 +01:00
bcma bcma: Fix memory leak for internally-handled cores 2021-09-15 09:50:45 +02:00
block Revert "block: nbd: add sanity check for first_minor" 2021-09-16 12:51:23 +02:00
bluetooth Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS 2021-09-03 10:09:28 +02:00
bus drivers: bus: simple-pm-bus: Add support for probing simple bus only devices 2021-10-20 11:45:01 +02:00
cdrom
char ipmi: Disable some operations during a panic 2021-11-18 14:03:56 +01:00
clk clk: socfpga: agilex: fix duplicate s2f_user0_clk 2021-10-20 11:44:58 +02:00
clocksource clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel 2021-09-15 09:50:29 +02:00
connector
counter counter: 104-quad-8: Return error when invalid mode during ceiling_write 2021-09-15 09:50:38 +02:00
cpufreq cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory 2021-10-06 15:55:46 +02:00
cpuidle cpuidle: pseries: Mark pseries_idle_proble() as __init 2021-09-18 13:40:12 +02:00
crypto crypto: s5p-sss - Add error handling in s5p_aes_probe() 2021-11-18 14:03:38 +01:00
dax
dca
devfreq
dio
dma dmaengine: xilinx_dma: Set DMA mask for coherent APIs 2021-09-26 14:09:00 +02:00
dma-buf dma-buf: WARN on dmabuf release with pending attachments 2021-11-18 14:03:52 +01:00
edac EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell 2021-11-18 14:03:45 +01:00
eisa
extcon extcon: intel-mrfld: Sync hardware and software state on init 2021-07-19 09:45:00 +02:00
firewire
firmware firmware/psci: fix application of sizeof to pointer 2021-11-18 14:03:38 +01:00
fpga fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() 2021-09-30 10:11:04 +02:00
fsi fsi: Add missing MODULE_DEVICE_TABLE 2021-07-20 16:05:42 +02:00
gnss
gpio gpio: mlxbf2.c: Add check for bgpio_init failure 2021-11-18 14:03:42 +01:00
gpu drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() 2021-11-18 14:03:57 +01:00
greybus
hid HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs 2021-10-17 10:43:32 +02:00
hsi
hv hyperv/vmbus: include linux/bitops.h 2021-11-18 14:03:42 +01:00
hwmon hwmon: (pmbus/lm25066) Add offset coefficients 2021-11-18 14:03:44 +01:00
hwspinlock
hwtracing coresight: cti: Correct the parameter for pm_runtime_put 2021-11-18 14:03:51 +01:00
i2c i2c: mediatek: Add OFFSET_EXT_CONF setting back 2021-10-13 10:04:29 +02:00
i3c
ide
idle
iio iio: ad5770r: make devicetree property reading consistent 2021-11-18 14:03:51 +01:00
infiniband RDMA/qedr: Fix NULL deref for query_qp on the GSI QP 2021-11-18 14:03:47 +01:00
input Input: i8042 - Add quirk for Fujitsu Lifebook T725 2021-11-18 14:03:36 +01:00
interconnect treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
iommu iommu/amd: Relocate GAMSup check to early_enable_iommus 2021-09-26 14:08:59 +02:00
ipack ipack: ipoctal: fix module reference leak 2021-10-06 15:56:01 +02:00
irqchip irqchip/gic: Work around broken Renesas integration 2021-10-09 14:40:57 +02:00
isdn mISDN: Fix return values of the probe function 2021-11-18 14:03:41 +01:00
leds leds: trigger: audio: Add an activate callback to ensure the initial brightness is set 2021-09-15 09:50:36 +02:00
lightnvm
macintosh
mailbox soc: mediatek: cmdq: add address shift in jump 2021-09-18 13:40:16 +02:00
mcb mcb: fix error handling in mcb_alloc_bus() 2021-09-30 10:11:00 +02:00
md md: update superblock after changing rdev flags in state_store 2021-11-18 14:03:57 +01:00
media media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() 2021-11-18 14:03:56 +01:00
memory memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode 2021-11-18 14:03:47 +01:00
memstick memstick: r592: Fix a UAF bug when removing the driver 2021-11-18 14:03:58 +01:00
message
mfd mfd: lpc_sch: Rename GPIOBASE to prevent build error 2021-09-22 12:28:06 +02:00
misc misc: fastrpc: Add missing lock before accessing find_vma() 2021-10-20 11:45:01 +02:00
mmc mmc: moxart: Fix reference count leaks in moxart_probe 2021-11-18 14:03:57 +01:00
most most: fix control-message timeouts 2021-11-18 14:03:51 +01:00
mtd mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines 2021-11-18 14:03:48 +01:00
mux
net mwl8k: Fix use-after-free in mwl8k_fw_state_machine() 2021-11-18 14:03:58 +01:00
nfc nfc: port100: fix using -ERRNO as command type mask 2021-11-02 19:48:19 +01:00
ntb NTB: perf: Fix an error code in perf_setup_inbuf() 2021-09-22 12:28:02 +02:00
nubus
nvdimm libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind 2021-09-18 13:40:36 +02:00
nvme nvmet-tcp: fix use-after-free when a port is removed 2021-11-18 14:03:59 +01:00
nvmem nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells 2021-10-20 11:45:01 +02:00
of of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS 2021-09-18 13:40:31 +02:00
opp opp: Don't print an error if required-opps is missing 2021-09-18 13:40:29 +02:00
oprofile
parisc parisc: Move pci_dev_is_behind_card_dino to where it is used 2021-09-26 14:08:59 +02:00
parport parport: remove non-zero check on count 2021-09-18 13:40:34 +02:00
pci PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge 2021-11-18 14:03:50 +01:00
pcmcia pcmcia: i82092: fix a null pointer dereference bug 2021-08-12 13:22:16 +02:00
perf
phy phy: intel: Fix for warnings due to EMMC clock 175Mhz change in FIP 2021-07-20 16:05:46 +02:00
pinctrl pinctrl: core: fix possible memory leak in pinctrl_enable() 2021-11-18 14:03:51 +01:00
platform platform/x86: wmi: do not fail if disabling fails 2021-11-18 14:03:53 +01:00
pnp
power power: supply: max17042_battery: Clear status bits in interrupt handler 2021-11-18 14:03:52 +01:00
powercap
pps
ps3
ptp ptp_pch: Load module automatically if ID matches 2021-10-13 10:04:27 +02:00
pwm pwm: stm32-lp: Don't modify HW state in .remove() callback 2021-09-26 14:09:01 +02:00
rapidio
ras
regulator regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled 2021-11-18 14:03:45 +01:00
remoteproc remoteproc: k3-r5: Fix an error message 2021-07-20 16:05:50 +02:00
reset reset: socfpga: add empty driver allowing consumers to probe 2021-11-18 14:03:42 +01:00
rpmsg
rtc rtc: rx8010: select REGMAP_I2C 2021-09-26 14:09:02 +02:00
s390 s390/qeth: fix NULL deref in qeth_clear_working_pool_list() 2021-09-30 10:11:03 +02:00
sbus
scsi scsi: qla2xxx: Fix unmap of already freed sgl 2021-11-18 14:03:41 +01:00
sfi
sh
siox
slimbus slimbus: ngd: reset dma setup during runtime pm 2021-08-26 08:35:55 -04:00
soc soc: fsl: dpio: use the combined functions to protect critical zone 2021-11-18 14:03:48 +01:00
soundwire soundwire: intel: fix potential race condition during power down 2021-09-18 13:40:31 +02:00
spi spi: spl022: fix Microwire full duplex mode 2021-11-18 14:03:43 +01:00
spmi
ssb
staging media: allegro: ignore interrupt if mailbox is not initialized 2021-11-18 14:03:58 +01:00
target scsi: target: Fix the pgr/alua_support_store functions 2021-09-30 10:11:03 +02:00
tc
tee tee: optee: Fix missing devices unregister during optee_remove 2021-10-20 11:45:02 +02:00
thermal thermal/drivers/tsens: Fix wrong check for tzd in irq handlers 2021-10-09 14:40:57 +02:00
thunderbolt thunderbolt: Fix port linking by checking all adapters 2021-09-18 13:40:27 +02:00
tty serial: 8250: fix racy uartclk update 2021-11-18 14:03:51 +01:00
uio
usb USB: chipidea: fix interrupt deadlock 2021-11-18 14:03:52 +01:00
vdpa vdpa/mlx5: Avoid destroying MR on empty iotlb 2021-08-26 08:35:42 -04:00
vfio vfio: Use config not menuconfig for VFIO_NOIOMMU 2021-09-18 13:40:12 +02:00
vhost vhost-vdpa: Fix the wrong input in config_cb 2021-10-20 11:45:04 +02:00
video video: fbdev: gbefb: Only instantiate device when built for IP32 2021-10-13 10:04:28 +02:00
virt
virtio virtio: write back F_VERSION_1 before validate 2021-10-20 11:45:01 +02:00
visorbus
vlynq
vme
w1 w1: ds2438: fixing bug that would always get page0 2021-07-20 16:05:39 +02:00
watchdog watchdog: Fix OMAP watchdog early handling 2021-11-18 14:03:43 +01:00
xen xen/balloon: add late_initcall_sync() for initial ballooning done 2021-11-18 14:03:49 +01:00
zorro
Kconfig
Makefile