Re: [RFC PATCH V2 2/6] ublk_drv: refactor ublk_cancel_queue()

From: Ming Lei
Date: Sat Sep 03 2022 - 07:16:21 EST

Next message: Ming Lei: "Re: [RFC PATCH V2 3/6] ublk_drv: define macros for recovery feature and check them"
Previous message: syzbot: "Re: [syzbot] BUG: unable to handle kernel NULL pointer dereference in __rxe_do_task"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 31, 2022 at 11:51:32PM +0800, ZiyangZhang wrote:
> Assume only a few FETCH_REQ ioucmds are sent to ublk_drv, then the
> ubq_daemon exits, We have to call io_uring_cmd_done() for all ioucmds
> received so that io_uring ctx will not leak.
>
> ublk_cancel_queue() may be called before START_DEV or after STOP_DEV,
> we decrease ubq->nr_io_ready and clear UBLK_IO_FLAG_ACTIVE so that we
> won't call io_uring_cmd_done() twice for one ioucmd to avoid UAF. Also
> clearing UBLK_IO_FLAG_ACTIVE makes the code more reasonable.
>
> Signed-off-by: ZiyangZhang <ZiyangZhang@xxxxxxxxxxxxxxxxx>
> ---

Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>

Thanks,
Ming

Next message: Ming Lei: "Re: [RFC PATCH V2 3/6] ublk_drv: define macros for recovery feature and check them"
Previous message: syzbot: "Re: [syzbot] BUG: unable to handle kernel NULL pointer dereference in __rxe_do_task"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]