kernel null pointer at nvme_tcp_init_iter+0x7d/0xd0 [nvme_tcp]

Yi Zhang yi.zhang at redhat.com
Tue Feb 9 07:57:55 EST 2021



On 2/9/21 6:25 PM, Sagi Grimberg wrote:
>
>> Hi Sagi
>>
>> On 2/8/21 5:46 PM, Sagi Grimberg wrote:
>>>
>>>> Hello
>>>>
>>>> We found this kernel NULL pointer issue with the latest
>>>> linux-block/for-next and it's 100% reproducible; let me know if you
>>>> need more info/testing, thanks
>>>>
>>>> Kernel repo: 
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git
>>>> Commit: 11f8b6fd0db9 - Merge branch 'for-5.12/io_uring' into for-next
>>>>
>>>> Reproducer: blktests nvme-tcp/012
>>>
>>> Thanks for reporting Ming, I've tried to reproduce this on my VM
>>> but did not succeed. Given that you have it 100% reproducible,
>>> can you try to revert commit:
>>>
>>> 0dc9edaf80ea nvme-tcp: pass multipage bvec to request iov_iter
>>>
>>
>> Reverting this commit fixed the issue and I've attached the config. :)
>
> Hey Ming,
>
> Instead of a revert, does this patch make the issue go away?
Hi Sagi

The patch below fixed the issue, let me know if you need more testing. :)

Thanks
Yi

> -- 
> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
> index 619b0d8f6e38..69f59d2c5799 100644
> --- a/drivers/nvme/host/tcp.c
> +++ b/drivers/nvme/host/tcp.c
> @@ -2271,7 +2271,7 @@ static blk_status_t 
> nvme_tcp_setup_cmd_pdu(struct nvme_ns *ns,
>         req->data_len = blk_rq_nr_phys_segments(rq) ?
>                                 blk_rq_payload_bytes(rq) : 0;
>         req->curr_bio = rq->bio;
> -       if (req->curr_bio)
> +       if (req->curr_bio && req->data_len)
>                 nvme_tcp_init_iter(req, rq_data_dir(rq));
>
>         if (rq_data_dir(rq) == WRITE &&
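
Review bot: The added `req->data_len` test in the `if` guarding `nvme_tcp_init_iter()` has no comment saying which requests carry a bio but no payload. From the lines just above, `data_len` is 0 whenever `blk_rq_nr_phys_segments(rq)` is 0, even though `rq->bio` is non-NULL, and a one-line comment stating that would keep the check from being simplified away later. Because `req->curr_bio = rq->bio;` is still assigned unconditionally, it is also worth confirming that no other path treats a non-NULL `req->curr_bio` alone as the sign that the iterator was initialized. The final commit should carry a Fixes: tag for 0dc9edaf80ea, the commit whose revert made the issue go away in this thread.
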
> -- 
>



