Re: nvme-tcp: fix a possible UAF when failing to send request【请注意,邮件由sagigrim at gmail.com代发】
Maurizio Lombardi
mlombard at bsdbackstore.eu
Thu Mar 13 02:01:07 PDT 2025
On Thu Mar 13, 2025 at 9:31 AM CET, zhang.guanghui at cestc.cn wrote:
> Hi,
> in fact, the nvme_tcp_try_send() failure, the target may send C2HTermReq immediately. while the host receives the C2HTermReq and still starting error recovery.
> so when queue->rd_enabled is false, can avoid starting error recovery agagin.
Not all targets send C2HTermReq (for example, the Linux target doesn't
at the moment) so you can't rely on that.
In any case, calling nvme_tcp_error_recovery() twice is harmless;
the first call moves the controller to the resetting state, the second
call is ignored.
Maurizio
More information about the Linux-nvme
mailing list