WSL2-Linux-Kernel/drivers/target
Xiaoguang Wang b7f3b5d70c scsi: target: tcmu: Fix possible page UAF
[ Upstream commit a6968f7a36 ]

tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not
take refcount properly and just returns page pointer. When
tcmu_try_get_data_page() returns, the returned page may have been freed by
tcmu_blocks_release().

We need to get_page() under cmdr_lock to avoid concurrent
tcmu_blocks_release().

Link: https://lore.kernel.org/r/20220311132206.24515-1-xiaoguang.wang@linux.alibaba.com
Reviewed-by: Bodo Stroesser <bostroesser@gmail.com>
Signed-off-by: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-20 09:34:15 +02:00
..
iscsi scsi: target: iscsi: Make sure the np under each tpg is unique 2022-02-16 12:56:12 +01:00
loopback SCSI misc on 20210902 2021-09-02 15:09:46 -07:00
sbp scsi: target: sbp: Drop incorrect ASC/ASCQ usage 2021-08-03 07:27:43 -04:00
tcm_fc scsi: target: tcm_fc: Fix a kernel-doc header 2021-04-15 22:44:41 -04:00
Kconfig scsi: core: Rename CONFIG_BLK_SCSI_REQUEST to CONFIG_SCSI_COMMON 2021-07-28 22:24:27 -04:00
Makefile
target_core_alua.c scsi: target: Fix alua_tg_pt_gps_count tracking 2021-11-25 09:48:29 +01:00
target_core_alua.h
target_core_configfs.c scsi: target: Fix the pgr/alua_support_store functions 2021-09-13 22:15:46 -04:00
target_core_device.c scsi: target: Fix ordered tag handling 2021-11-25 09:48:29 +01:00
target_core_fabric_configfs.c scsi: target: core: Make completion affinity configurable 2021-03-04 17:37:03 -05:00
target_core_fabric_lib.c
target_core_file.c scsi: target: core: file: Don't duplicate memset(0xff) 2021-03-09 23:47:18 -05:00
target_core_file.h
target_core_hba.c
target_core_iblock.c scsi: target: Remove redundant assignment to variable ret 2021-07-27 00:06:42 -04:00
target_core_iblock.h scsi: target: iblock: Add backend plug/unplug callouts 2021-03-04 17:37:02 -05:00
target_core_internal.h scsi: target: Fix ordered tag handling 2021-11-25 09:48:29 +01:00
target_core_pr.c scsi: target: Fix spelling mistake "CONFLIFT" -> "CONFLICT" 2021-09-22 00:17:29 -04:00
target_core_pr.h scsi: target: core: Unify NAA identifier generation 2021-05-15 14:14:28 -04:00
target_core_pscsi.c scsi: target: pscsi: Fix possible null-pointer dereference in pscsi_complete_cmd() 2021-08-17 22:28:39 -04:00
target_core_pscsi.h
target_core_rd.c scsi: target: Add the DUMMY flag to rd_mcp 2021-04-05 23:26:38 -04:00
target_core_rd.h scsi: target: Add the DUMMY flag to rd_mcp 2021-04-05 23:26:38 -04:00
target_core_sbc.c scsi: target: Fix protect handling in WRITE SAME(32) 2021-07-18 21:27:42 -04:00
target_core_spc.c scsi: target: Use standard SAM status types 2021-05-31 22:48:24 -04:00
target_core_stat.c scsi: target: core: Remove unused macros NONE and ISPRINT 2021-03-09 23:47:18 -05:00
target_core_tmr.c scsi: target: core: Remove from tmr_list during LUN unlink 2021-11-18 19:17:03 +01:00
target_core_tpg.c
target_core_transport.c scsi: target: Fix ordered tag handling 2021-11-25 09:48:29 +01:00
target_core_ua.c
target_core_ua.h
target_core_user.c scsi: target: tcmu: Fix possible page UAF 2022-04-20 09:34:15 +02:00
target_core_xcopy.c scsi: target: Fix sense key for invalid EXTENDED COPY request 2021-08-17 22:28:40 -04:00
target_core_xcopy.h scsi: target: Fix XCOPY NAA identifier lookup 2021-01-11 17:06:48 -05:00