[PATCH 0/4] nbd: replace socks pointer array with xarray to eliminate queue freeze

leo.lilong@huaweicloud.com posted 4 patches 6 days, 6 hours ago
drivers/block/nbd.c | 201 +++++++++++++++++++++++---------------------
1 file changed, 106 insertions(+), 95 deletions(-)
Posted by leo.lilong@huaweicloud.com 6 days, 6 hours ago
From: Long Li <leo.lilong@huawei.com>

Hi,

Commit b98e762e3d ("nbd: freeze the queue while we're adding
connections") introduced blk_mq_freeze_queue() in the add-socket path
to prevent use-after-free when krealloc() relocates the config->socks
array while I/O is in flight. However, freezing the queue on every
connection setup introduces significant latency when establishing a
large number of connections.

This series eliminates the queue freeze by replacing the
krealloc-based struct nbd_sock **socks array with a struct xarray.
The xarray provides RCU-safe pointer publishing: each nbd_sock is
fully initialized before being stored via xa_store(), and concurrent
readers access individual entries through xa_load() without ever
holding a reference to the array itself. This removes the possibility
of UAF on array reallocation, making the queue freeze unnecessary.

The following test was performed with 256 connections on a local
nbd-server:

  nbd-server -M 256 -C /etc/nbd-server/config
  time nbd-client 127.0.0.1 10809 /dev/nbd0 -N myexport -C 256

  Before:  real 4.510s  user 0.004s  sys 0.038s
  After:   real 0.263s  user 0.009s  sys 0.032s

Connection setup time is reduced by ~94%.

Long Li (4):
  nbd: simplify find_fallback() by removing redundant logic
  nbd: replace socks pointer array with xarray
  nbd: remove redundant num_connections boundary checks
  nbd: remove queue freeze in nbd_add_socket

 drivers/block/nbd.c | 201 +++++++++++++++++++++++---------------------
 1 file changed, 106 insertions(+), 95 deletions(-)

-- 
2.39.2
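
The cover letter's argument, that readers which load individual, fully initialized entries never hold a pointer to a container that can be relocated, can be seen in a small userspace model. This is an added example, not code from this series or from the kernel: it uses C11 atomics instead of the xarray API, every name in it is hypothetical, and entry removal and RCU-deferred freeing are not modelled.

```c
#include <stdatomic.h>
#include <stdlib.h>
/* Userspace model; every name here is hypothetical, none is from nbd.c. */
#define CHUNK_SLOTS 16
#define MAX_CHUNKS  64
struct model_sock { int fd; int cookie; };
struct chunk { _Atomic(struct model_sock *) slot[CHUNK_SLOTS]; };
/* Chunks are allocated once and never relocated, unlike a realloc'ed array. */
struct slot_table { _Atomic(struct chunk *) chunks[MAX_CHUNKS]; };

/* Writer (callers serialize stores): initialize the entry fully, then publish. */
static int table_store(struct slot_table *t, unsigned idx, int fd, int cookie)
{
    unsigned c = idx / CHUNK_SLOTS;
    if (c >= MAX_CHUNKS) return -1;
    struct chunk *ch = atomic_load_explicit(&t->chunks[c], memory_order_acquire);
    if (!ch) {
        if (!(ch = calloc(1, sizeof(*ch)))) return -1;
        atomic_store_explicit(&t->chunks[c], ch, memory_order_release);
    }
    struct model_sock *s = malloc(sizeof(*s));
    if (!s) return -1;
    *s = (struct model_sock){ .fd = fd, .cookie = cookie };
    /* Release ordering: a reader that sees the pointer also sees fd/cookie. */
    atomic_store_explicit(&ch->slot[idx % CHUNK_SLOTS], s, memory_order_release);
    return 0;
}

/* Reader: fetch one entry; never keeps a pointer to the container itself. */
static struct model_sock *table_load(struct slot_table *t, unsigned idx)
{
    unsigned c = idx / CHUNK_SLOTS;
    if (c >= MAX_CHUNKS) return NULL;
    struct chunk *ch = atomic_load_explicit(&t->chunks[c], memory_order_acquire);
    return ch ? atomic_load_explicit(&ch->slot[idx % CHUNK_SLOTS], memory_order_acquire) : NULL;
}

/* Returns 1 if an entry fetched before growth is still the live entry after it. */
static int demo_stable_after_growth(void)
{
    static struct slot_table t;              /* zero-initialized: all slots empty */
    if (table_store(&t, 0, 3, 0xabc)) return 0;
    struct model_sock *early = table_load(&t, 0);   /* reader holds the entry only */
    for (unsigned i = 1; i < 256; i++)               /* grow to 256 connections */
        if (table_store(&t, i, (int)i + 3, 0)) return 0;
    return early == table_load(&t, 0) && early->cookie == 0xabc &&
           table_load(&t, 255)->fd == 258 && table_load(&t, 256) == NULL;
}

int main(void) { return demo_stable_after_growth() ? 0 : 1; }
```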