Re: nvme-tcp: fix a possible UAF when failing to send request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Maurizio Lombardi" <mlombard@xxxxxxxxxxxxxxx>, "zhang.guanghui@xxxxxxxx" <zhang.guanghui@xxxxxxxx>, "chunguang.xu" <chunguang.xu@xxxxxxxxxx>
Subject: Re: nvme-tcp: fix a possible UAF when failing to send request
From: "Maurizio Lombardi" <mlombard@xxxxxxxxxxxxxxx>
Date: Wed, 12 Feb 2025 09:23:26 +0100
Cc: "mgurtovoy" <mgurtovoy@xxxxxxxxxx>, "sagi" <sagi@xxxxxxxxxxx>, "kbusch" <kbusch@xxxxxxxxxx>, "sashal" <sashal@xxxxxxxxxx>, "linux-kernel" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-nvme" <linux-nvme@xxxxxxxxxxxxxxxxxxx>, "linux-block" <linux-block@xxxxxxxxxxxxxxx>
In-reply-to: <D7QBDBZMZTCI.1W40WVL5JJ3O7@bsdbackstore.eu>
References: <2025021015413817916143@cestc.cn> <D7OOGIOAJRUH.9LOJ3X4IUKQV@bsdbackstore.eu> <3f1f7ec3-cb49-4d66-b2b0-57276a6c62f0@nvidia.com> <D7OWXONOUZ1Y.19KIRCQDVRTKN@bsdbackstore.eu> <CAAO4dAWdsMjYMp9jdWXd_48aG0mTtVpRONqjJJ1scnc773tHzg@mail.gmail.com> <202502111604342976121@cestc.cn> <D7QBDBZMZTCI.1W40WVL5JJ3O7@bsdbackstore.eu>

On Wed Feb 12, 2025 at 9:11 AM CET, Maurizio Lombardi wrote:
> Hello, could you try this patch?
>
> Concurrent calls to try_recv() should already be protected by
> sock_lock.
>
> +	mutex_lock(&queue->send_mutex);
>  	nvme_tcp_try_recv(queue);
> +	r = queue->nr_cqe;
> +	mutex_unlock(&queue->send_mutex);

Well, reading nr_cqe like this is still racy, but should be a minor
issue and not hard to fix.

Maurizio

References:
- nvme-tcp: fix a possible UAF when failing to send request
  - From: zhang.guanghui@xxxxxxxx
- Re: nvme-tcp: fix a possible UAF when failing to send request
  - From: Maurizio Lombardi
- Re: nvme-tcp: fix a possible UAF when failing to send request
  - From: Max Gurtovoy
- Re: nvme-tcp: fix a possible UAF when failing to send request
  - From: Maurizio Lombardi
- Re: Re: nvme-tcp: fix a possible UAF when failing to send request
  - From: zhang.guanghui@xxxxxxxx
- Re: nvme-tcp: fix a possible UAF when failing to send request
  - From: Maurizio Lombardi

Prev by Date: Re: nvme-tcp: fix a possible UAF when failing to send request
Next by Date: [PATCH] block: Check blkg_to_lat return value to avoid NULL dereference
Previous by thread: Re: nvme-tcp: fix a possible UAF when failing to send request
Next by thread: Re: nvme-tcp: fix a possible UAF when failing to send request
Index(es):
- Date
- Thread

[Index of Archives] [Linux RAID] [Linux SCSI] [Linux ATA RAID] [IDE] [Linux Wireless] [Linux Kernel] [ATH6KL] [Linux Bluetooth] [Linux Netdev] [Kernel Newbies] [Security] [Git] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Device Mapper]