From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from esa5.hgst.iphmx.com ([216.71.153.144]:42279 "EHLO esa5.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751118AbdECQSF (ORCPT ); Wed, 3 May 2017 12:18:05 -0400
From: Bart Van Assche
To: "jack@suse.cz"
CC: "linux-scsi@vger.kernel.org" , "James.Bottomley@HansenPartnership.com" , "scott.bauer@intel.com" , "hch@lst.de" , "hare@suse.com" , "martin.petersen@oracle.com" , "stable@vger.kernel.org"
Subject: Re: [PATCH] Avoid that scsi_exit_rq() triggers a use-after-free
Date: Wed, 3 May 2017 16:18:03 +0000
Message-ID: <1493828282.3901.9.camel@sandisk.com>
References: <20170502174330.13146-1-bart.vanassche@sandisk.com> <20170503075416.GA10084@quack2.suse.cz>
In-Reply-To: <20170503075416.GA10084@quack2.suse.cz>
Content-Language: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <4194EF592024574C86C88F21F2B45E8C@namprd04.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: stable-owner@vger.kernel.org
List-ID:

On Wed, 2017-05-03 at 09:54 +0200, Jan Kara wrote:
> Hum, since this didn't quite work out, how about storing that one bit of
> information that scsi_exit_rq() needs from shost inside scsi_cmnd during
> scsi_init_rq()?

Hello Jan,

All what's missing from the patch I posted is a execute_in_process_context()
scsi_host_dev_release() call execute in a context where sleeping is allowed.
What you proposed is something I had considered but that I had not yet tried
to implement because it requires more changes. Anyway, I'll give that approach
a try since it does not require to introduce a new work_struct.

Bart.