[PATCH] nvme-pci: check for valid request when polling for completions
Sagi Grimberg
sagi at grimberg.me
Mon Sep 2 10:04:11 PDT 2024
On 02/09/2024 16:07, Hannes Reinecke wrote:
> When polling for completions from the timeout handler we traverse
> over _all_ cqes, and then fetch the request via blk_mq_tag_to_rq().
> Unfortunately that function will always return a request, even if
> that request is already completed.
> So we need to check if the command is still in flight before
> attempting to complete it.
Hannes, are you able to trigger a use-after-free here? That is the
inevitable outcome of completing an already completed request.
So, why are you not calling it as it is?
Was this seen in practice? Do you have a stack trace?
I ask for this because it makes the review a lot clearer.
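
A user-space model of the concern discussed in this thread, added here as an example; it is not part of the original message, the proposed patch, or the kernel source. All names (`tag_to_rq`, `poll_cqes`, `rq_state`, `run_scenario`) are hypothetical, and the scenario of one CQE tag being seen twice is a constructed assumption.

```c
#include <stddef.h>

/* Constructed model; these are not the kernel's blk-mq structures. */
enum rq_state { RQ_IDLE, RQ_IN_FLIGHT, RQ_COMPLETE };

struct request {
    enum rq_state state;
    int completions;          /* how many times completion ran */
};

#define NR_TAGS 4
static struct request tags[NR_TAGS];

/* Models the lookup described in the thread: a valid tag always
 * yields a request, whatever state that request is in. */
static struct request *tag_to_rq(unsigned int tag)
{
    return tag < NR_TAGS ? &tags[tag] : NULL;
}

static void complete_rq(struct request *rq)
{
    rq->completions++;        /* a second call is the double completion */
    rq->state = RQ_COMPLETE;
}

/* Walk a list of CQE tags; returns the number of completions processed.
 * With check_in_flight == 0 a stale CQE completes its request again. */
static int poll_cqes(const unsigned int *cqe_tags, size_t n, int check_in_flight)
{
    int done = 0;
    for (size_t i = 0; i < n; i++) {
        struct request *rq = tag_to_rq(cqe_tags[i]);
        if (!rq)
            continue;         /* tag outside the tag space */
        if (check_in_flight && rq->state != RQ_IN_FLIGHT)
            continue;         /* already completed or never started */
        complete_rq(rq);
        done++;
    }
    return done;
}

/* Constructed scenario: tag 1 is in flight and its CQE is walked twice. */
static int run_scenario(int check_in_flight)
{
    const unsigned int cqes[] = { 1, 1 };
    tags[1].state = RQ_IN_FLIGHT;
    tags[1].completions = 0;
    poll_cqes(cqes, 2, check_in_flight);
    return tags[1].completions;
}

int main(void) { return run_scenario(1) == 1 ? 0 : 1; }
```

In the model the second completion only bumps a counter; in a driver the request may already have been freed or reused by then, which is the use-after-free asked about above.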