Re: [PATCH] nvme-tcp: Fix use-after-free of netns by kernel TCP socket.
From: Kuniyuki Iwashima
Date: Wed Apr 09 2025 - 15:06:15 EST
From: Christoph Hellwig <hch@xxxxxx>
Date: Wed, 9 Apr 2025 10:44:46 +0200
> Thanks, applied to nvme-6.15.
Thanks!
>
> > To fix such problems, let's hold netns ref by sk_net_refcnt_upgrade().
> >
> > We had the same issue in CIFS, SMC, etc, and applied the same
> > solution, see commit ef7134c7fc48 ("smb: client: Fix use-after-free
> > of network namespace.") and commit 9744d2bf1976 ("smc: Fix
> > use-after-free in tcp_write_timer_handler().").
>
> I wish the netns APIs would be a little more robust to prevent these
> bugs from creeping in everywhere..
Can't agree more!
Actually, last year I tried to clean up such APIs to prevent this type
of issue.
https://lore.kernel.org/netdev/20241213092152.14057-1-kuniyu@xxxxxxxxxx/
I'll revise this in this cycle once the fix reaches net tree.