Date: Tue, 20 Sep 2022 14:29:37 +0300
From: Sagi Grimberg
To: zhenwei pi, hch@lst.de
Cc: kch@nvidia.com, linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org, fmdefrancesco@gmail.com
Subject: Re: [PATCH v4 1/1] nvmet-tcp: Fix NULL pointer dereference during release
References: <20220913014253.931724-1-pizhenwei@bytedance.com> <20220913014253.931724-2-pizhenwei@bytedance.com>
In-Reply-To: <20220913014253.931724-2-pizhenwei@bytedance.com>

> nvmet-tcp frees CMD buffers in nvmet_tcp_uninit_data_in_cmds(),
> and waits the inflight IO requests in nvmet_sq_destroy(). During wait
> the inflight IO requests, the callback nvmet_tcp_queue_response()
> is called from backend after IO complete, this leads a typical
> Use-After-Free issue like this:

Would it be possible to resend this patch rebased on top of nvme-6.1?
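
The teardown ordering that the quoted commit message describes, modelled in user-space C as an added example (not code from the patch or from the kernel): command buffers are released first, then the wait for in-flight I/O lets the completion callback run against them. The struct and function names are hypothetical, the two in-flight commands are constructed, and the wait-then-free ordering is included only for contrast, not as a statement of what the patch does.

```c
#include <stdlib.h>

#define NR_CMDS 4
/* Hypothetical user-space model; not the kernel's structures. */
struct model_cmd { char *buf; int inflight; };
struct model_queue { struct model_cmd cmds[NR_CMDS]; int stale; };

/* Backend completion callback: it touches the command's buffer. */
static void complete_cmd(struct model_queue *q, struct model_cmd *c)
{
    if (!c->buf)
        q->stale++;        /* buffer already released: the crash site */
    else
        c->buf[0] = 1;
    c->inflight = 0;
}

static void free_cmd_buffers(struct model_queue *q)
{
    for (int i = 0; i < NR_CMDS; i++) {
        free(q->cmds[i].buf);
        q->cmds[i].buf = NULL;
    }
}

/* Waiting for in-flight I/O lets the pending completions run. */
static void drain_inflight(struct model_queue *q)
{
    for (int i = 0; i < NR_CMDS; i++)
        if (q->cmds[i].inflight)
            complete_cmd(q, &q->cmds[i]);
}

/* Returns how many completions ran against already-freed buffers. */
int release_queue(int free_before_drain)
{
    struct model_queue q = { .stale = 0 };
    for (int i = 0; i < NR_CMDS; i++) {   /* constructed: cmds 0, 2 in flight */
        q.cmds[i].buf = calloc(1, 64);
        q.cmds[i].inflight = (i % 2 == 0);
    }
    if (free_before_drain)
        free_cmd_buffers(&q);
    drain_inflight(&q);
    free_cmd_buffers(&q);   /* free(NULL) is a no-op on a second pass */
    return q.stale;
}

int main(void) { return !(release_queue(1) == 2 && release_queue(0) == 0); }
```

The model counts the stale completions instead of dereferencing the released buffer, so it runs cleanly under a sanitizer while still showing which ordering exposes the callback to freed state.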