From: Sagi Grimberg Date: Mon, 27 Feb 2017 16:44:45 +0000 (+0200) Subject: nvme-loop: fix a possible use-after-free when destroying the admin queue X-Git-Tag: v4.14-rc1~1015^2~249 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d476983ea078b7a101481967a3bb5ab6760cf759;p=platform%2Fkernel%2Flinux-rpi.git nvme-loop: fix a possible use-after-free when destroying the admin queue we need to destroy the nvmet sq and let it finish gracefully before continue to cleanup the queue. Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg --- diff --git a/drivers/nvme/target/loop.c b/drivers/nvme/target/loop.c index 4bfb285c32e8..f880b8b8495a 100644 --- a/drivers/nvme/target/loop.c +++ b/drivers/nvme/target/loop.c @@ -288,9 +288,9 @@ static const struct blk_mq_ops nvme_loop_admin_mq_ops = { static void nvme_loop_destroy_admin_queue(struct nvme_loop_ctrl *ctrl) { + nvmet_sq_destroy(&ctrl->queues[0].nvme_sq); blk_cleanup_queue(ctrl->ctrl.admin_q); blk_mq_free_tag_set(&ctrl->admin_tag_set); - nvmet_sq_destroy(&ctrl->queues[0].nvme_sq); } static void nvme_loop_free_ctrl(struct nvme_ctrl *nctrl)