Re: nvme-tcp: fix a possible UAF when failing to send request

From: Maurizio Lombardi
Date: Wed Feb 12 2025 - 03:24:43 EST

Next message: Bastien Curutchet (eBPF Foundation): "[PATCH net 0/2] rtnetlink: Fix small memory leaks"
Previous message: Taniya Das: "[PATCH v3 4/4] arm64: dts: qcom: qcs6490-rb3gen2: Update the LPASS audio node"
In reply to: Maurizio Lombardi: "Re: nvme-tcp: fix a possible UAF when failing to send request"
Next in thread: Maurizio Lombardi: "Re: nvme-tcp: fix a possible UAF when failing to send request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed Feb 12, 2025 at 9:11 AM CET, Maurizio Lombardi wrote:
> Hello, could you try this patch?
>
> Concurrent calls to try_recv() should already be protected by
> sock_lock.
>
> + mutex_lock(&queue->send_mutex);
> nvme_tcp_try_recv(queue);
> + r = queue->nr_cqe;
> + mutex_unlock(&queue->send_mutex);

Well, reading nr_cqe like this is still racy, but should be a minor
issue and not hard to fix.

Maurizio

Next message: Bastien Curutchet (eBPF Foundation): "[PATCH net 0/2] rtnetlink: Fix small memory leaks"
Previous message: Taniya Das: "[PATCH v3 4/4] arm64: dts: qcom: qcs6490-rb3gen2: Update the LPASS audio node"
In reply to: Maurizio Lombardi: "Re: nvme-tcp: fix a possible UAF when failing to send request"
Next in thread: Maurizio Lombardi: "Re: nvme-tcp: fix a possible UAF when failing to send request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]