[PATCH 0/3] target: Fix two races leading to use-after-free

From: Joern Engel
Date: Mon May 13 2013 - 17:58:50 EST

Next message: Joern Engel: "[PATCH 3/3] target: simplify target_wait_for_sess_cmds()"
Previous message: Ben Hutchings: "[PATCHv2 net 1/2] sfc: Delete EFX_PAGE_IP_ALIGN, equivalent toNET_IP_ALIGN"
Next in thread: Joern Engel: "[PATCH 1/3] target: removed unused transport_state flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In our testing we've encountered use-after-free bugs, usually in the
shape of double list_del, at a rate of 2-10 per week. Patches 2 and 3
fix two races that can both lead to use-after-free and after applying
both of those patches, we have been bug-free for some weeks now.

Patch 1 is an unrelated trivial cleanup. I just happened to spot it
while I was in the area.

Joern Engel (3):
target: removed unused transport_state flag
target: close target_put_sess_cmd() vs. core_tmr_abort_task() race v5
target: simplify target_wait_for_sess_cmds()

drivers/infiniband/ulp/srpt/ib_srpt.c | 2 +-
drivers/scsi/qla2xxx/tcm_qla2xxx.c | 2 +-
drivers/target/target_core_transport.c | 73 +++++++++-----------------------
include/linux/kref.h | 33 +++++++++++++++
include/target/target_core_base.h | 3 --
include/target/target_core_fabric.h | 2 +-
6 files changed, 57 insertions(+), 58 deletions(-)

--
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joern Engel: "[PATCH 3/3] target: simplify target_wait_for_sess_cmds()"
Previous message: Ben Hutchings: "[PATCHv2 net 1/2] sfc: Delete EFX_PAGE_IP_ALIGN, equivalent toNET_IP_ALIGN"
Next in thread: Joern Engel: "[PATCH 1/3] target: removed unused transport_state flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]