nvme: remove ns sibling before clearing path
The code had been clearing a namespace being deleted as the current path while that namespace was still in the path siblings list. It is possible a new IO could set that namespace back to the current path since it appeared to be an eligable path to select, which may result in a use-after-free error. This patch ensures a namespace being removed is not eligable to be reset as a current path prior to clearing it as the current path. Signed-off-by: Keith Busch <keith.busch@intel.com> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Christoph Hellwig <hch@lst.de>
This commit is contained in:
parent
133424a207
commit
48f78be332
@ -3143,8 +3143,8 @@ static void nvme_ns_remove(struct nvme_ns *ns)
|
||||
}
|
||||
|
||||
mutex_lock(&ns->ctrl->subsys->lock);
|
||||
nvme_mpath_clear_current_path(ns);
|
||||
list_del_rcu(&ns->siblings);
|
||||
nvme_mpath_clear_current_path(ns);
|
||||
mutex_unlock(&ns->ctrl->subsys->lock);
|
||||
|
||||
down_write(&ns->ctrl->namespaces_rwsem);
|
||||
|
Loading…
Reference in New Issue
Block a user