[PATCH 0/8] blk-mq: fix request UAF related with iterating over tagset requests

Bart Van Assche bvanassche at acm.org
Sun Apr 25 21:53:16 BST 2021


On 4/25/21 2:27 AM, Ming Lei wrote:
> On Sun, Apr 25, 2021 at 04:57:45PM +0800, Ming Lei wrote:
>> Revert 4 patches from Bart which try to fix request UAF issue related
>> to iterating over tagset wide requests, because:

Where were you during the four weeks that my patch series was out for
review? I haven't seen any feedback from you on my patch series.

>> 1) request UAF caused by normal completion vs. async completion during
>> iterating can't be covered[1]

I do not agree with the above. Patches 5/8 and 6/8 from this series can
be applied without reverting any of my patches.

> 4) synchronize_rcu() is added before shutting down one request queue,
> which may slow down reboot/poweroff very much on big systems with lots of
> HBAs in which lots of LUNs are attached.

The synchronize_rcu() can be removed by using a semaphore
(<linux/semaphore.h>) instead of an RCU reader lock inside bt_tags_iter().

> 5) freeing the request pool when updating nr_requests isn't covered.

This can be addressed easily on top of my patch series.

Bart.
