Re: [PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout

2018-01-17 Thread Madhani, Himanshu
Max,

> On Jan 15, 2018, at 12:37 PM, Max Kellermann wrote:
>
> On 2018/01/15 20:58, "Madhani, Himanshu" wrote:
>> We have patch to prevent this double free in 4.16/scsi-queue
>> already.
>
> No, let me repeat: this is a different bug!
>
> Your bug is about the free call after waiting for

Re: [PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout

2018-01-15 Thread Madhani, Himanshu
Hi Max,

> On Jan 15, 2018, at 12:37 PM, Max Kellermann wrote:
>
> On 2018/01/15 20:58, "Madhani, Himanshu" wrote:
>> We have patch to prevent this double free in 4.16/scsi-queue
>> already.
>
> No, let me repeat: this is a different bug!
>
> Your bug is about the free call after waiting for

Re: [PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout

2018-01-15 Thread Max Kellermann
On 2018/01/15 20:58, "Madhani, Himanshu" wrote:
> We have patch to prevent this double free in 4.16/scsi-queue
> already.

No, let me repeat: this is a different bug!

Your bug is about the free call after waiting for completion synchronously in qla24xx_els_dcmd_iocb(), after it was already freed

Re: [PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout

2018-01-15 Thread Madhani, Himanshu
Hi Max,

> On Jan 15, 2018, at 9:26 AM, Max Kellermann wrote:
>
> When the qla2xxx firmware is unavailable, eventually
> qla2x00_sp_timeout() is reached, which calls the timeout function and
> frees the srb_t instance.
>
> The timeout function always resolves to qla2x00_async_iocb_timeout(),
>

[PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout

2018-01-15 Thread Max Kellermann
When the qla2xxx firmware is unavailable, eventually qla2x00_sp_timeout() is reached, which calls the timeout function and frees the srb_t instance. The timeout function always resolves to qla2x00_async_iocb_timeout(), which invokes another callback function called "done". All of these

Re: [PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout

2017-12-07 Thread Max Kellermann
On 2017/12/07 21:38, "Madhani, Himanshu" wrote:
> NACK
>
> These calls are asynchronous calls and free should be called by
> completion.

I don't understand the NACK, and your text doesn't explain it. It only describes a second bug that is orthogonal to mine.

Re: [PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout

2017-12-07 Thread Madhani, Himanshu
Hi Max,

> On Dec 7, 2017, at 6:46 AM, Max Kellermann wrote:
>
> When the qla2xxx firmware is unavailable, eventually
> qla2x00_sp_timeout() is reached, which calls the timeout function and
> frees the srb_t instance.
>
> The timeout function always resolves to qla2x00_async_iocb_timeout(),
>

[PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout

2017-12-07 Thread Max Kellermann
When the qla2xxx firmware is unavailable, eventually qla2x00_sp_timeout() is reached, which calls the timeout function and frees the srb_t instance. The timeout function always resolves to qla2x00_async_iocb_timeout(), which invokes another callback function called "done". All of these
