v2 was here: https://lists.gnu.org/archive/html/qemu-devel/2024-08/msg00253.html
Since then: - CVE number assigned - drop old patch 1. Instead of tracking nbd_server generation, the code now ensures that nbd_server can't be set to NULL until all clients have disconnected - rewrite to force qio shutdown coupled with AIO_WAIT to ensure all clients actually disconnect quickly (from the server's perspective. A client may still hold its socket open longer, but will eventually see EPIPE or EOF when finally using it) - patch 2 is optional, although I like the notion of a doubly-linked list (where the client has to remember an opaque pointer) over a singly-linked one (where the client is unchanged, but a lot of repeated client connect/disconnect over a long-lived server can chew up memory and slow down the eventual nbd-server-stop) Eric Blake (2): nbd: CVE-2024-7409: Close stray client sockets at server shutdown nbd: Clean up clients more efficiently include/block/nbd.h | 4 +++- blockdev-nbd.c | 39 +++++++++++++++++++++++++++++++++++++-- nbd/server.c | 15 ++++++++++++--- qemu-nbd.c | 2 +- 4 files changed, 53 insertions(+), 7 deletions(-) -- 2.45.2
