Revision - abec656 - nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done

Revision abec6561fc4e0fbb19591a0b35676d8c783b5493 authored by Lv Yunlong on 11 March 2021, 05:44:13 UTC, committed by Christoph Hellwig on 11 March 2021, 10:48:35 UTC

nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done

In nvmet_rdma_write_data_done, rsp is recoverd by wc->wr_cqe and freed by
nvmet_rdma_release_rsp(). But after that, pr_info() used the freed
chunk's member object and could leak the freed chunk address with
wc->wr_cqe by computing the offset.

Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Christoph Hellwig <hch@lst.de>

1 parent 0ec84df

Files
Changes

Permalinks

File	Mode	Size
bpftool
resolve_btfids
runqslower
.gitignore	-rw-r--r--	111 bytes
Makefile	-rw-r--r--	3.5 KB
Makefile.helpers	-rw-r--r--	1.5 KB
bpf_asm.c	-rw-r--r--	1.2 KB
bpf_dbg.c	-rw-r--r--	28.2 KB
bpf_exp.l	-rw-r--r--	4.0 KB
bpf_exp.y	-rw-r--r--	15.7 KB
bpf_jit_disasm.c	-rw-r--r--	6.4 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...