diff options
| author | Mike Christie <[email protected]> | 2023-03-20 21:06:18 -0500 | 
|---|---|---|
| committer | Michael S. Tsirkin <[email protected]> | 2023-04-04 11:01:58 -0400 | 
| commit | e508efc3ae7e44eb3caf595a086bfd3824da5b9a (patch) | |
| tree | f203cdbff4a4eb68d4ffd551cbcde361ba3b5fa6 /tools/perf/scripts/python/event_analyzing_sample.py | |
| parent | 10805eb5d6d15fd4f61b05cc7aa269e12ab99848 (diff) | |
vhost-scsi: Fix vhost_scsi struct use after free
If vhost_scsi_setup_vq_cmds fails we leave the tpg->vhost_scsi pointer
set. If the device is freed and then the user unmaps the LUN, the call to
vhost_scsi_port_unlink -> vhost_scsi_hotunplug will see the that
tpg->vhost_scsi is still set and try to use it.
This has us clear the vhost_scsi pointer in the failure path. It also
has us take tv_tpg_mutex in this failure path, because tv_tpg_vhost_count
is accessed under this mutex in vhost_scsi_drop_nexus and in the future
we will want to serialize access to tpg->vhost_scsi with that mutex
instead of the vhost_scsi_mutex.
Signed-off-by: Mike Christie <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/event_analyzing_sample.py')
0 files changed, 0 insertions, 0 deletions