Re: nvme-tcp: fix a possible UAF when failing to send request

From: Maurizio Lombardi
Date: Wed Feb 12 2025 - 03:24:43 EST


On Wed Feb 12, 2025 at 9:11 AM CET, Maurizio Lombardi wrote:
> Hello, could you try this patch?
>
> Concurrent calls to try_recv() should already be protected by
> sock_lock.
>
> + mutex_lock(&queue->send_mutex);
> nvme_tcp_try_recv(queue);
> + r = queue->nr_cqe;
> + mutex_unlock(&queue->send_mutex);

Well, reading nr_cqe like this is still racy, but should be a minor
issue and not hard to fix.

Maurizio