| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <D8F0L25A8NP6.MR1S5ORJC9XE@bsdbackstore.eu> Date: Thu, 13 Mar 2025 10:01:07 +0100 From: "Maurizio Lombardi" <mlombard@...backstore.eu> To: "zhang.guanghui@...tc.cn" <zhang.guanghui@...tc.cn>, "Hannes Reinecke" <hare@...e.de>, "sagi" <sagi@...mberg.me>, "mgurtovoy" <mgurtovoy@...dia.com>, "kbusch" <kbusch@...nel.org>, "sashal" <sashal@...nel.org>, "chunguang.xu" <chunguang.xu@...pee.com> Cc: "linux-kernel" <linux-kernel@...r.kernel.org>, "linux-nvme" <linux-nvme@...ts.infradead.org>, "linux-block" <linux-block@...r.kernel.org> Subject: Re: nvme-tcp: fix a possible UAF when failing to send request【请注意,邮件由sagigrim@...il.com代发】 On Thu Mar 13, 2025 at 9:31 AM CET, zhang.guanghui@...tc.cn wrote: > Hi, > in fact, the nvme_tcp_try_send() failure, the target may send C2HTermReq immediately. while the host receives the C2HTermReq and still starting error recovery. > so when queue->rd_enabled is false, can avoid starting error recovery agagin. Not all targets send C2HTermReq (for example, the Linux target doesn't at the moment) so you can't rely on that. In any case, calling nvme_tcp_error_recovery() twice is harmless; the first call moves the controller to the resetting state, the second call is ignored. Maurizio
Powered by blists - more mailing lists