[PATCH 0/8] blk-mq: fix request UAF related with iterating over tagset requests
Ming Lei
ming.lei at redhat.com
Sun Apr 25 10:27:34 BST 2021
On Sun, Apr 25, 2021 at 04:57:45PM +0800, Ming Lei wrote:
> Hi Guys,
>
> Revert 4 patches from Bart which try to fix request UAF issue related
> with iterating over tagset wide requests, because:
>
> 1) request UAF caused by normal completion vs. async completion during
> iterating can't be covered[1]
>
> 2) clearing ->rqs[] is added in fast path, which causes performance loss
> by 1% according to Bart's test
>
> 3) Bart's approach is too complicated, and some changes aren't needed,
> such as adding two versions of tagset iteration

4) synchronize_rcu() is added before shutting down one request queue,
which may slow down reboot/poweroff very much on big systems with lots of
HBAs in which lots of LUNs are attached.

5) freeing request pool in updating nr_requests isn't covered.

Thanks,
Ming