From: Jens Axboe <axboe@kernel.dk>
To: Sagi Grimberg <sagi@grimberg.me>, linux-nvme@lists.infradead.org
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <kbusch@kernel.org>,
Chaitanya Kulkarni <Chaitanya.Kulkarni@wdc.com>,
linux-block@vger.kernel.org, Hannes Reinecke <hare@suse.de>
Subject: Re: [PATCH rfc] nvme: support io stats on the mpath device
Date: Thu, 29 Sep 2022 09:07:35 -0600
Message-ID: <cfdf4e12-a855-49c1-2c65-7e49c24cd2c1@kernel.dk>
In-Reply-To: <4588d1b8-c2e1-bebd-3aaf-29f94cff6adf@grimberg.me>
On 9/29/22 4:04 AM, Sagi Grimberg wrote:
> index 9bacfd014e3d..f42e6e40d84b 100644
>> --- a/drivers/nvme/host/core.c
>> +++ b/drivers/nvme/host/core.c
>> @@ -385,6 +385,8 @@ static inline void nvme_end_req(struct request *req)
>> ????? nvme_end_req_zoned(req);
>> ????? nvme_trace_bio_complete(req);
>> ????? blk_mq_end_request(req, status);
>> +??? if (req->cmd_flags & REQ_NVME_MPATH)
>> +??????? nvme_mpath_end_request(req);
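Review bot: the two added lines read req->cmd_flags and pass req to nvme_mpath_end_request() after blk_mq_end_request(req, status) has already completed the request, so the accounting runs on a request the driver no longer owns. Move the REQ_NVME_MPATH check and the nvme_mpath_end_request(req) call above blk_mq_end_request(), so that everything touching req happens before completion. A short comment at the call site saying that req must not be used after blk_mq_end_request() would keep later additions from landing below it again.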
>
> I guess the order should probably be reversed, because after
> blk_mq_end_request req may become invalid and create UAF?
Yes - blk_mq_end_request() will put the tag, it could be reused by the
time you call nvme_mpath_end_request(). It won't be a UAF as the
requests are allocated upfront and never freed, but the state will be
uncertain at that point.
--
Jens Axboe