Searched hist:"818 b9b8f" (Results 1 – 1 of 1) sorted by relevance
| /openbmc/qemu/hw/nvme/ |
| H A D | ctrl.c | 818b9b8f Thu Nov 10 00:59:50 CST 2022 Klaus Jensen <k.jensen@samsung.com> hw/nvme: fix aio cancel in dsm
When the DSM operation is cancelled asynchronously, we set iocb->ret to
-ECANCELED. However, the callback function only checks the return value
of the completed aio, which may have completed succesfully prior to the
cancellation and thus the callback ends up continuing the dsm operation
instead of bailing out. Fix this.
Secondly, fix a potential use-after-free by removing the bottom half and
enqueuing the completion directly.
Fixes: d7d1474fd85d ("hw/nvme: reimplement dsm to allow cancellation")
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
|