Date: Tue, 30 Mar 2021 16:28:13 -0700
From: Keith Busch
To: Sagi Grimberg
Cc: "Ewan D. Milne", Daniel Wagner, linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org, Jens Axboe, Hannes Reinecke, Christoph Hellwig
Subject: Re: [PATCH v2] nvme-tcp: Check if request has started before processing it
Message-ID: <20210330232813.GA1935968@dhcp-10-100-145-180.wdc.com>

On Tue, Mar 30, 2021 at 10:34:25AM -0700, Sagi Grimberg wrote:
>
> > > It is, but in this situation, the controller is sending a second
> > > completion that results in a use-after-free, which makes the
> > > transport irrelevant. Unless there is some other flow (which is
> > > unclear
> > > to me) that causes this which is a bug that needs to be fixed rather
> > > than hidden with a safeguard.
> > >
> >
> > The kernel should not crash regardless of any network traffic that is
> > sent to the system. It should not be possible to either intentionally
> > or mistakenly construct packets that will deny service in this way.
>
> This is not specific to nvme-tcp. I can build an rdma or pci controller
> that can trigger the same crash... I saw a similar patch from Hannes
> implemented in the scsi level, and not the individual scsi transports..

If scsi wants this too, this could be made generic at the blk-mq level.
We just need to make something like blk_mq_tag_to_rq(), but return NULL
if the request isn't started.

> I would also mention, that a crash is not even the scariest issue that
> we can see here, because if the request happened to be reused we are
> in the silent data corruption realm...

If this does happen, I think we have to come up with some way to mitigate it. We're not utilizing the full 16 bits of the command_id, so maybe we can append something like a generation sequence number that can be checked for validity.
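
Added example, not part of the original message and not kernel code: a user-space C model of the two safeguards discussed in this reply, a tag lookup that returns NULL when the request is not started and a generation counter carried in the otherwise unused upper bits of the 16-bit command_id. The 12/4 bit split, the queue depth and every name (`req_start`, `cid_to_req`, `req_complete`) are assumptions made for illustration.

```c
/* User-space model (added example): command_id = 4-bit generation | 12-bit tag. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_BITS 12
#define TAG_MASK ((1u << TAG_BITS) - 1)
#define GEN_MASK 0xfu
#define NR_TAGS  8              /* constructed queue depth */

struct req { int started; uint8_t gen; };
static struct req tags[NR_TAGS];

/* Submission: mark the request started, bump its generation, build the cid. */
static uint16_t req_start(unsigned tag)
{
	struct req *rq = &tags[tag];
	rq->started = 1;
	rq->gen = (rq->gen + 1) & GEN_MASK;
	return (uint16_t)(rq->gen << TAG_BITS | tag);
}

/* Completion: return the request only if tag, state and generation all match. */
static struct req *cid_to_req(uint16_t cid)
{
	unsigned tag = cid & TAG_MASK;
	struct req *rq;
	if (tag >= NR_TAGS)
		return NULL;            /* tag outside the queue */
	rq = &tags[tag];
	if (!rq->started)
		return NULL;            /* duplicate or spurious completion */
	if (rq->gen != (cid >> TAG_BITS))
		return NULL;            /* stale cid: the tag was reused since */
	return rq;
}

static void req_complete(struct req *rq) { rq->started = 0; }

int main(void)
{
	uint16_t old = req_start(3);
	req_complete(cid_to_req(old));
	printf("duplicate: %s\n", cid_to_req(old) ? "accepted" : "rejected");
	uint16_t cur = req_start(3);    /* tag 3 reused by a new request */
	printf("stale:     %s\n", cid_to_req(old) ? "accepted" : "rejected");
	printf("current:   %s\n", cid_to_req(cur) ? "accepted" : "rejected");
	return 0;
}
```

The started check alone rejects the duplicate completion but not the stale one after reuse; the generation compare covers that case until the 4-bit counter wraps, which happens after 16 reuses of the same tag.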