Re: [PATCH] nvme-tcp: Fix use-after-free of netns by kernel TCP socket.

From: Christoph Hellwig
Date: Wed Apr 09 2025 - 04:45:32 EST

Next message: Xiao Ni: "Re: [PATCH RFC] md: fix is_mddev_idle()"
Previous message: Christoph Hellwig: "Re: [PATCH] nvmet-tcp: switch to using the crc32c library"
In reply to: Kuniyuki Iwashima: "[PATCH] nvme-tcp: Fix use-after-free of netns by kernel TCP socket."
Next in thread: Kuniyuki Iwashima: "Re: [PATCH] nvme-tcp: Fix use-after-free of netns by kernel TCP socket."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks, applied to nvme-6.15.

> To fix such problems, let's hold netns ref by sk_net_refcnt_upgrade().
>
> We had the same issue in CIFS, SMC, etc, and applied the same
> solution, see commit ef7134c7fc48 ("smb: client: Fix use-after-free
> of network namespace.") and commit 9744d2bf1976 ("smc: Fix
> use-after-free in tcp_write_timer_handler().").

I wish the netns APIs would be a little more robus to prevent these
bugs from creeping in everywhere..

Next message: Xiao Ni: "Re: [PATCH RFC] md: fix is_mddev_idle()"
Previous message: Christoph Hellwig: "Re: [PATCH] nvmet-tcp: switch to using the crc32c library"
In reply to: Kuniyuki Iwashima: "[PATCH] nvme-tcp: Fix use-after-free of netns by kernel TCP socket."
Next in thread: Kuniyuki Iwashima: "Re: [PATCH] nvme-tcp: Fix use-after-free of netns by kernel TCP socket."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]