nvme-tcp: fix a possible UAF when failing to send request
Maurizio Lombardi
mlombard at bsdbackstore.eu
Wed Feb 12 00:23:26 PST 2025
On Wed Feb 12, 2025 at 9:11 AM CET, Maurizio Lombardi wrote:
> Hello, could you try this patch?
>
> Concurrent calls to try_recv() should already be protected by
> sock_lock.
>
> + mutex_lock(&queue->send_mutex);
> nvme_tcp_try_recv(queue);
> + r = queue->nr_cqe;
> + mutex_unlock(&queue->send_mutex);
Well, reading nr_cqe like this is still racy, but should be a minor
issue and not hard to fix.
Maurizio
More information about the Linux-nvme
mailing list