nbd: fix race between timeout and normal completion - kernel/linux.git

diff options

author	Ming Lei <ming.lei@redhat.com>	2024-08-30 06:41:45 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-10-04 17:37:31 +0300
commit	9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc (patch)
tree	ca4e0f5127802bcb75c417bf67da6a47ea5af305 /block
parent	aeef136bc54bbc8a19895ef6d66d74e3ee38281d (diff)
download	linux-9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc.tar.xz

nbd: fix race between timeout and normal completion

[ Upstream commit c9ea57c91f03bcad415e1a20113bdb2077bcf990 ] If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime make sure that cmd->lock is grabbed for clearing the flag and the requeue. Cc: Josef Bacik <josef@toxicpanda.com> Cc: Yu Kuai <yukuai3@huawei.com> Fixes: 2895f1831e91 ("nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed") Signed-off-by: Ming Lei <ming.lei@redhat.com> Reviewed-by: Yu Kuai <yukuai3@huawei.com> Link: https://lore.kernel.org/r/20240830034145.1827742-1-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'block')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: