| commit | 36a251c3468f34a2486dd49836e397534a1bb189 | |
| author | Klaus Jensen <k.jensen@samsung.com> | |
| Thu, 10 Nov 2022 06:59:47 +0000 (10 07:59 +0100) | ||
| committer | Klaus Jensen <k.jensen@samsung.com> | |
| Thu, 1 Dec 2022 07:44:56 +0000 (1 08:44 +0100) | ||
| tree | bf913084098b567e45ee44e6a6272eea22b968d3 | treesnapshot (tar.gz zip) |
| parent | 3dbc1708ea37d03dd18ce498039e31d8565e673a | commitdiff |
hw/nvme: fix aio cancel in zone reset
If the zone reset operation is cancelled but the block unmap operation
completes normally, the callback will continue resetting the next zone
since it neglects to check iocb->ret which will have been set to
-ECANCELED. Make sure that this is checked and bail out if an error is
present.
Secondly, fix a potential use-after-free by removing the bottom half and
enqueuing the completion directly.
Fixes: 63d96e4ffd71 ("hw/nvme: reimplement zone reset to allow cancellation")
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
If the zone reset operation is cancelled but the block unmap operation
completes normally, the callback will continue resetting the next zone
since it neglects to check iocb->ret which will have been set to
-ECANCELED. Make sure that this is checked and bail out if an error is
present.
Secondly, fix a potential use-after-free by removing the bottom half and
enqueuing the completion directly.
Fixes: 63d96e4ffd71 ("hw/nvme: reimplement zone reset to allow cancellation")
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
| hw/nvme/ctrl.c | diffblobblamehistory |