From: Christoph Hellwig Date: Thu, 18 Aug 2016 18:16:35 +0000 (-0700) Subject: nvme-fabrics: get a reference when reusing a nvme_host structure X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=98096d8a787f05b1afe3869aa01e84981915c81d;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git nvme-fabrics: get a reference when reusing a nvme_host structure Without this we'll get a use after free after connecting two controller using the same hostnqn and then disconnecting one of them. Signed-off-by: Christoph Hellwig Reviewed-by: Jay Freyensee Signed-off-by: Sagi Grimberg --- diff --git a/drivers/nvme/host/fabrics.c b/drivers/nvme/host/fabrics.c index be0b1067c9fa..4eff49174466 100644 --- a/drivers/nvme/host/fabrics.c +++ b/drivers/nvme/host/fabrics.c @@ -47,8 +47,10 @@ static struct nvmf_host *nvmf_host_add(const char *hostnqn) mutex_lock(&nvmf_hosts_mutex); host = __nvmf_host_find(hostnqn); - if (host) + if (host) { + kref_get(&host->ref); goto out_unlock; + } host = kmalloc(sizeof(*host), GFP_KERNEL); if (!host)