lib/vhost: Don't dereference svdev->name in dev_remove.
If the vdev is marked for hotremove, it is possible that the name has already been freed resulting in a heap use after free, so remove the warning about a vdev being marked for hotremove to avoid a segfault when removing a device. This was observed in the vhost fuzz tests. Signed-off-by: Seth Howell <seth.howell@intel.com> Change-Id: I2891ca2bee70d72fb7b0dff96d569e9b92fe84eb Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/2071 Community-CI: Mellanox Build Bot Tested-by: SPDK CI Jenkins <sys_sgci@intel.com> Reviewed-by: Darek Stojaczyk <dariusz.stojaczyk@intel.com> Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
This commit is contained in:
parent
6607e124c1
commit
3bd113eae7
@ -1121,18 +1121,17 @@ spdk_vhost_scsi_dev_remove_tgt(struct spdk_vhost_dev *vdev, unsigned scsi_tgt_nu
|
||||
svdev = to_scsi_dev(vdev);
|
||||
assert(svdev != NULL);
|
||||
scsi_dev_state = &svdev->scsi_dev_state[scsi_tgt_num];
|
||||
|
||||
if (scsi_dev_state->status != VHOST_SCSI_DEV_PRESENT) {
|
||||
return -EBUSY;
|
||||
}
|
||||
|
||||
if (scsi_dev_state->dev == NULL || scsi_dev_state->status == VHOST_SCSI_DEV_ADDING) {
|
||||
SPDK_ERRLOG("%s: SCSI target %u is not occupied\n", vdev->name, scsi_tgt_num);
|
||||
return -ENODEV;
|
||||
}
|
||||
|
||||
assert(scsi_dev_state->status != VHOST_SCSI_DEV_EMPTY);
|
||||
if (scsi_dev_state->status != VHOST_SCSI_DEV_PRESENT) {
|
||||
SPDK_WARNLOG("%s: SCSI target %u has been already marked for hotremoval.\n",
|
||||
vdev->name, scsi_tgt_num);
|
||||
return -EBUSY;
|
||||
}
|
||||
|
||||
ctx = calloc(1, sizeof(*ctx));
|
||||
if (ctx == NULL) {
|
||||
SPDK_ERRLOG("calloc failed\n");
|
||||
|
Loading…
Reference in New Issue
Block a user