scsi: qedi: Fix use after free during abort cleanup

If qedi_tmf_work's qedi_wait_for_cleanup_request call times out we will also force the clean up of the qedi_work_map but qedi_process_cmd_cleanup_resp could still be accessing the qedi_cmd. To fix this issue we extend where we hold the tmf_work_lock and back_lock so the qedi_process_cmd_cleanup_resp access is serialized with the cleanup done in qedi_tmf_work and any completion handling for the iscsi_task. Link: https://lore.kernel.org/r/20210525181821.7617-22-michael.christie@oracle.com Reviewed-by: Manish Rangankar <mrangankar@marvell.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
author: Mike Christie <michael.christie@oracle.com> 2021-05-25 21:18:14 +0300
committer: Martin K. Petersen <martin.petersen@oracle.com> 2021-06-02 08:28:22 +0300
commit: 5b04d050cde44c3c1a9a0342da50d785d075b0f6 (patch)
tree: c95c6dec01c4e095915245a18e8408985aca122d /drivers/scsi/qedi/qedi_iscsi.h
parent: 2ce002366a3fcc3f9616d4583194f65dde0ad253 (diff)
download: linux-5b04d050cde44c3c1a9a0342da50d785d075b0f6.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/scsi/qedi/qedi_iscsi.h b/drivers/scsi/qedi/qedi_iscsi.h
index 39dc27c85e3c..68ef519f5480 100644
--- a/drivers/scsi/qedi/qedi_iscsi.h
+++ b/drivers/scsi/qedi/qedi_iscsi.h
@@ -212,6 +212,7 @@ struct qedi_cmd {
 struct qedi_work_map {
 	struct list_head list;
 	struct qedi_cmd *qedi_cmd;
+	struct iscsi_task *ctask;
 	int rtid;
 
 	int state;
author	Mike Christie <michael.christie@oracle.com>	2021-05-25 21:18:14 +0300
committer	Martin K. Petersen <martin.petersen@oracle.com>	2021-06-02 08:28:22 +0300
commit	5b04d050cde44c3c1a9a0342da50d785d075b0f6 (patch)
tree	c95c6dec01c4e095915245a18e8408985aca122d /drivers/scsi/qedi/qedi_iscsi.h
parent	2ce002366a3fcc3f9616d4583194f65dde0ad253 (diff)
download	linux-5b04d050cde44c3c1a9a0342da50d785d075b0f6.tar.xz