On Thu, 13 Aug 2020 17:28:56 +0200, Steffen Maier wrote:
Before v4.15 commit 75492a51568b ("s390/scsi: Convert timers to use timer_setup()"), we intentionally only passed zfcp_adapter as context argument to zfcp_fsf_request_timeout_handler(). Since we only trigger adapter recovery, it was unnecessary to sync against races between timeout and (late) completion. Likewise, we only passed zfcp_erp_action as context argument to zfcp_erp_timeout_handler(). Since we only wake up an ERP action, it was unnecessary to sync against races between timeout and (late) completion.
[...]
Applied to 5.9/scsi-fixes, thanks!
[1/1] scsi: zfcp: Fix use-after-free in request timeout handlers
      https://git.kernel.org/mkp/scsi/c/2d9a2c5f581b