On 08/04/17 17:29, James Smart wrote:
> + /* Cleanup defer'ed IOs in queue */
> + list_for_each_entry(deferfcp, &queue->avail_defer_list, req_list) {
> + list_del(&deferfcp->req_list);
> + kfree(deferfcp);
> + }
Hello James,
Coverity reports a user-after-free for the above code:
*** CID 1416424: Memory - illegal accesses (USE_AFTER_FREE)
/drivers/nvme/target/fc.c: 738 in nvmet_fc_delete_target_queue()
732 &tgtport->fc_target_port,
fod->fcpreq);
733 }
734 }
735 }
736
737 /* Cleanup defer'ed IOs in queue */
>>> CID 1416424: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "deferfcp".
738 list_for_each_entry(deferfcp, &queue->avail_defer_list,
req_list) {
739 list_del(&deferfcp->req_list);
740 kfree(deferfcp);
741 }
742
743 for (;;) {
