Re: [PATCH] blk-mq: fix use-after-free in blk_mq_free_tag_set()

[Keith Busch]

On Tue, 13 Oct 2015, Junichi Nomura wrote:
> tags is freed in blk_mq_free_rq_map() and should not be used after that.
> The problem doesn't manifest if CONFIG_CPUMASK_OFFSTACK is false because
> free_cpumask_var() is nop.
>
> tags->cpumask is allocated in blk_mq_init_tags() so it's natural to
> free cpumask in its counter part, blk_mq_free_tags().

Thanks for the fix.

Reviewed-by: Keith Busch <keith.busch@xxxxxxxxx>

> Fixes: f26cdc8536ad ("blk-mq: Shared tag enhancements")
> Signed-off-by: Jun'ichi Nomura <j-nomura@xxxxxxxxxxxxx>
> Cc: Keith Busch <keith.busch@xxxxxxxxx>
> Cc: Jens Axboe <axboe@xxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/