[PATCH 1/1] nvme: fix use after free when disconnect a reconnecting ctrl
Sagi Grimberg
sagi at grimberg.me
Sun Nov 14 02:20:57 PST 2021
>>>> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
>>>> index 838b5e2058be..752203ad7639 100644
>>>> --- a/drivers/nvme/host/core.c
>>>> +++ b/drivers/nvme/host/core.c
>>>> @@ -666,6 +666,7 @@ blk_status_t nvme_fail_nonready_command(struct
>>>> nvme_ctrl *ctrl,
>>>> struct request *rq)
>>>> {
>>>> if (ctrl->state != NVME_CTRL_DELETING_NOIO &&
>>>> + ctrl->state != NVME_CTRL_DELETING &&
>>>
>>> Please explain why you need this change? As suggested by the name
>>> only DELETING_NOIO does not accept I/O, and if we return
>>> BLK_STS_RESOURCE we can get into an endless loop of resubmission.
>>
>> I just added the handling of the DELETING state here, did not modify
>> the DELETING_NOIO case.
>>
>> Thanks,
>> Ruozhu
>>
> I'm not sure if I explained it clearly, my English is not very good.
>
> If you think there is still a problem with this patch, please tell me.
Naa, re-thinking this I think it's reasonable to complete the command
for DELETING if the queue is not live...
Reviewed-by: Sagi Grimberg <sagi at grimberg.me>
More information about the Linux-nvme
mailing list