From: Sagi Grimberg Date: Mon, 27 Feb 2017 16:44:45 +0000 (+0200) Subject: nvme-loop: fix a possible use-after-free when destroying the admin queue X-Git-Tag: Ubuntu-5.2.0-15.16~7027^2~227 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=d476983ea078b7a101481967a3bb5ab6760cf759;p=mirror_ubuntu-eoan-kernel.git nvme-loop: fix a possible use-after-free when destroying the admin queue we need to destroy the nvmet sq and let it finish gracefully before continue to cleanup the queue. Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg --- diff --git a/drivers/nvme/target/loop.c b/drivers/nvme/target/loop.c index 4bfb285c32e8..f880b8b8495a 100644 --- a/drivers/nvme/target/loop.c +++ b/drivers/nvme/target/loop.c @@ -288,9 +288,9 @@ static const struct blk_mq_ops nvme_loop_admin_mq_ops = { static void nvme_loop_destroy_admin_queue(struct nvme_loop_ctrl *ctrl) { + nvmet_sq_destroy(&ctrl->queues[0].nvme_sq); blk_cleanup_queue(ctrl->ctrl.admin_q); blk_mq_free_tag_set(&ctrl->admin_tag_set); - nvmet_sq_destroy(&ctrl->queues[0].nvme_sq); } static void nvme_loop_free_ctrl(struct nvme_ctrl *nctrl)