[PATCH v2 0/3] nvme-[tcp|rdma] fix for possible use-after-free
Sagi Grimberg
sagi at grimberg.me
Tue Feb 1 04:54:18 PST 2022

A few use-after-free reports were seen in the wild with nvme-tcp when testing
ctrl reset and error recovery under load. Analysis shows that the exact same
use-after-free can happen with nvme-rdma as well. This patch series addresses
these issues for both.

Changes from v1:
- Move ctrl->state check from driver(s) .submit_async_event to core
  nvme_async_event_work (so need a single patch, not one per driver).
- omit queue state from the check - it is redundant, the ctrl state
  check is sufficient

Sagi Grimberg (3):
  nvme: fix a possible use-after-free in controller reset during load
  nvme-tcp: fix possible use-after-free in transport error_recovery work
  nvme-rdma: fix possible use-after-free in transport error_recovery
    work

 drivers/nvme/host/core.c | 2 ++
 drivers/nvme/host/rdma.c | 1 +
 drivers/nvme/host/tcp.c  | 1 +
 3 files changed, 4 insertions(+)

--
2.30.2