[PATCH] nvme-rdma: fix crash due to incorrect cqe

Chao Leng lengchao at huawei.com
Mon Oct 12 04:55:37 EDT 2020


A crash happened due to an error injection test. The cqe has an incorrect
command id, so the host may find a request which has already been freed.
req->mr->rkey causes a crash in nvme_rdma_process_nvme_rsp,
because the mr is already freed.

Add a check for the mr to fix it.

Signed-off-by: Chao Leng <lengchao at huawei.com>
---
 drivers/nvme/host/rdma.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c
index 9e378d0a0c01..70dbc289d22e 100644
--- a/drivers/nvme/host/rdma.c
+++ b/drivers/nvme/host/rdma.c
@@ -1730,10 +1730,11 @@ static void nvme_rdma_process_nvme_rsp(struct nvme_rdma_queue *queue,
 	req->result = cqe->result;
 
 	if (wc->wc_flags & IB_WC_WITH_INVALIDATE) {
-		if (unlikely(wc->ex.invalidate_rkey != req->mr->rkey)) {
+		if (unlikely(!req->mr ||
+			     wc->ex.invalidate_rkey != req->mr->rkey)) {
 			dev_err(queue->ctrl->ctrl.device,
 				"Bogus remote invalidation for rkey %#x\n",
-				req->mr->rkey);
+				req->mr ? req->mr->rkey : 0);
 			nvme_rdma_error_recovery(queue->ctrl);
 		}
 	} else if (req->mr) {
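
Review bot: the new !req->mr test in the IB_WC_WITH_INVALIDATE branch guards only the MR dereference, yet the commit message says the request itself had already been freed after being looked up from a bad command id, and the context line "req->result = cqe->result;" at the top of the hunk has already written into that request before the check runs. Consider verifying that the request is actually in flight before any field of req is touched, and keep this NULL check as defense in depth. Separately, in the NULL case the dev_err prints "Bogus remote invalidation for rkey 0", which reads as if an rkey of 0 had been compared; a distinct message for the missing-MR case, or printing wc->ex.invalidate_rkey instead, would make the log line usable when diagnosing a bad completion.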
-- 
2.16.4



