Commit 3eb2713e authored by Lv Yunlong's avatar Lv Yunlong Committed by Zheng Zengkai
Browse files

nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done 



stable inclusion
from stable-5.10.27
commit 8f0534c96ac80bb05dfa74897c151f49b37d6663
bugzilla: 51493

--------------------------------

[ Upstream commit abec6561 ]

In nvmet_rdma_write_data_done, rsp is recoverd by wc->wr_cqe and freed by
nvmet_rdma_release_rsp(). But after that, pr_info() used the freed
chunk's member object and could leak the freed chunk address with
wc->wr_cqe by computing the offset.

Signed-off-by: default avatarLv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarChen Jun <chenjun102@huawei.com>
Acked-by: default avatar  Weilong Chen <chenweilong@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent dd21332d
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment