github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 07:03:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
86d1cdf56f
linux/drivers/target
History
Xiaoguang Wang b7f3b5d70c scsi: target: tcmu: Fix possible page UAF 
[ Upstream commit a6968f7a36 ]

tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not
take refcount properly and just returns page pointer. When
tcmu_try_get_data_page() returns, the returned page may have been freed by
tcmu_blocks_release().

We need to get_page() under cmdr_lock to avoid concurrent
tcmu_blocks_release().

Link: https://lore.kernel.org/r/20220311132206.24515-1-xiaoguang.wang@linux.alibaba.com
Reviewed-by: Bodo Stroesser <bostroesser@gmail.com>
Signed-off-by: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-20 09:34:15 +02:00
..
iscsi scsi: target: iscsi: Make sure the np under each tpg is unique 2022-02-16 12:56:12 +01:00
loopback SCSI misc on 20210902 2021-09-02 15:09:46 -07:00
sbp
tcm_fc
Kconfig
Makefile
target_core_alua.c scsi: target: Fix alua_tg_pt_gps_count tracking 2021-11-25 09:48:29 +01:00
target_core_alua.h
target_core_configfs.c scsi: target: Fix the pgr/alua_support_store functions 2021-09-13 22:15:46 -04:00
target_core_device.c scsi: target: Fix ordered tag handling 2021-11-25 09:48:29 +01:00
target_core_fabric_configfs.c
target_core_fabric_lib.c
target_core_file.c
target_core_file.h
target_core_hba.c
target_core_iblock.c
target_core_iblock.h
target_core_internal.h scsi: target: Fix ordered tag handling 2021-11-25 09:48:29 +01:00
target_core_pr.c scsi: target: Fix spelling mistake "CONFLIFT" -> "CONFLICT" 2021-09-22 00:17:29 -04:00
target_core_pr.h
target_core_pscsi.c scsi: target: pscsi: Fix possible null-pointer dereference in pscsi_complete_cmd() 2021-08-17 22:28:39 -04:00
target_core_pscsi.h
target_core_rd.c
target_core_rd.h
target_core_sbc.c
target_core_spc.c
target_core_stat.c
target_core_tmr.c scsi: target: core: Remove from tmr_list during LUN unlink 2021-11-18 19:17:03 +01:00
target_core_tpg.c
target_core_transport.c scsi: target: Fix ordered tag handling 2021-11-25 09:48:29 +01:00
target_core_ua.c
target_core_ua.h
target_core_user.c scsi: target: tcmu: Fix possible page UAF 2022-04-20 09:34:15 +02:00
target_core_xcopy.c scsi: target: Fix sense key for invalid EXTENDED COPY request 2021-08-17 22:28:40 -04:00
target_core_xcopy.h