[PATCH rfc] nvme: support io stats on the mpath device
Jens Axboe
axboe at kernel.dk
Thu Sep 29 08:07:35 PDT 2022
On 9/29/22 4:04 AM, Sagi Grimberg wrote:
> index 9bacfd014e3d..f42e6e40d84b 100644
>> --- a/drivers/nvme/host/core.c
>> +++ b/drivers/nvme/host/core.c
>> @@ -385,6 +385,8 @@ static inline void nvme_end_req(struct request *req)
>> ????? nvme_end_req_zoned(req);
>> ????? nvme_trace_bio_complete(req);
>> ????? blk_mq_end_request(req, status);
>> +??? if (req->cmd_flags & REQ_NVME_MPATH)
>> +??????? nvme_mpath_end_request(req);
>
> I guess the order should probably be reversed, because after
> blk_mq_end_request req may become invalid and create UAF?
Yes - blk_mq_end_request() will put the tag, it could be reused by the
time you call nvme_mpath_end_request(). It won't be a UAF as the
requests are allocated upfront and never freed, but the state will be
uncertain at that point.
--
Jens Axboe
More information about the Linux-nvme
mailing list