[PATCH 4/4] nvmet: Add feature close connection from target side
Sagi Grimberg
sagi at grimberg.me
Thu Nov 16 07:49:42 PST 2017
>> What guarantees that calling delete_ctrl is safe here? Controllers can
>> be freed under various conditions (client disconnect, fatal_error,
>> device removal). What protects from user initiated force_close hitting
>> a use-after-free condition?
>
> The fact that I call nvmet_ctrl_configfs_del() at nvmet_ctrl_free()
> before freeing the controller guarantees
> that the user will not see the controller at the filesystem after this
> point.
> The second thing is that configfs_unregister_group() should wait for all
> the user calls on the controller to finish.
> I don't see a difference between nvmet_ctrl_trsvcid_show() and
> nvmet_ctrl_force_close_store() (both are synchronous functions).
>
> Regarding the races that you mentioned with client disconnect,
> fatal_error ...
> __nvmet_rdma_queue_disconnect() is protected with a state lock.
The point is that ->delete_ctrl() is not designed to be safe for
calling it multiple times (although it might be the case for rdma) and
the code assumes that (which is wrong).
You need to call it conditionally. See what is done in
nvmet_ctrl_fatal_error()
More information about the Linux-nvme
mailing list