From: Dominique Martinet <asmadeus@codewreck.org>
To: Nalivayko Sergey <Sergey.Nalivayko@kaspersky.com>
Cc: v9fs-developer@lists.sourceforge.net, netdev@vger.kernel.org,
Eric Van Hensbergen <ericvh@gmail.com>,
Wang Hai <wanghai38@huawei.com>,
Latchesar Ionkov <lucho@ionkov.net>,
lvc-project@linuxtesting.org, stable@vger.kernel.org
Subject: Re: [PATCH] net: 9p: fix double req put in p9_fd_cancelled
Date: Fri, 15 Aug 2025 13:50:57 +0900 [thread overview]
Message-ID: <aJ68sV1kH2CQ8eYr@codewreck.org> (raw)
In-Reply-To: <aJ6U3DQn876wGS4C@codewreck.org>
Dominique Martinet wrote on Fri, Aug 15, 2025 at 11:01:00AM +0900:
> > Add an explicit check for REQ_STATUS_ERROR in p9_fd_cancelled before
> > processing the request. Skip processing if the request is already in the error
> > state, as it has been removed and its resources cleaned up.
>
> Looking at the other status, it's quite unlikely but if other thread
> would make it FLSHD we should also skip these -- and I don't think it's
> possible as far as the logic goes but if it's not sent yet we would have
> nothing to flush either, so it's probably better to invert the check,
> and make it `if (req != SENT) return` ?
>
> client.c already checks `READ_ONCE(oldreq->status) == REQ_STATUS_SENT`
> before calling cancelled but that's without lock, so basically we're
> checking nothing raced since that check, and it's not limited to RCVD
> and ERROR.
>
> If you can send a v2 with that I'll pick it up.
Actually it's just as fast if I do it myself, if you have time please
check this makes sense:
https://github.com/martinetd/linux/commit/afdaa9f9ea451a935e9b7645fc7ffd93d58cdfed
This is a fix but I don't believe it's urgent (can only happen with a
bogus server, and while in theory we should aim to be robust to an
adversary server I don't believe 9p is anywhere near that point), so
I'll push it along with other fixes next cycle as I missed the 5.17
train
Thanks,
--
Dominique Martinet | Asmadeus
prev parent reply other threads:[~2025-08-15 4:51 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-15 15:48 [PATCH] net: 9p: fix double req put in p9_fd_cancelled Nalivayko Sergey
2025-08-15 2:01 ` Dominique Martinet
2025-08-15 4:50 ` Dominique Martinet [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aJ68sV1kH2CQ8eYr@codewreck.org \
--to=asmadeus@codewreck.org \
--cc=Sergey.Nalivayko@kaspersky.com \
--cc=ericvh@gmail.com \
--cc=lucho@ionkov.net \
--cc=lvc-project@linuxtesting.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=v9fs-developer@lists.sourceforge.net \
--cc=wanghai38@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.