kernel null pointer at nvme_tcp_init_iter+0x7d/0xd0 [nvme_tcp]

Sagi Grimberg sagi at grimberg.me
Tue Feb 9 13:01:52 EST 2021


>>>> Thanks for reporting Ming, I've tried to reproduce this on my VM
>>>> but did not succeed. Given that you have it 100% reproducible,
>>>> can you try to revert commit:
>>>>
>>>> 0dc9edaf80ea nvme-tcp: pass multipage bvec to request iov_iter
>>>>
>>>
>>> Reverting this commit fixed the issue, and I've attached the config. :)
>>
>> Hey Ming,
>>
>> Instead of reverting, does this patch make the issue go away?
> Hi Sagi
> 
> The patch below fixed the issue, let me know if you need more testing. :)

Thanks Yi,

I'll submit a proper patch, but can you run this change
to see what command has a bio but without any data?
--
diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
index 619b0d8f6e38..311f1b78a9d4 100644
--- a/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -2271,8 +2271,13 @@ static blk_status_t nvme_tcp_setup_cmd_pdu(struct 
nvme_ns *ns,
         req->data_len = blk_rq_nr_phys_segments(rq) ?
                                 blk_rq_payload_bytes(rq) : 0;
         req->curr_bio = rq->bio;
-       if (req->curr_bio)
+       if (req->curr_bio) {
+               if (!req->data_len) {
+                       pr_err("rq %d opcode %d\n", rq->tag, 
pdu->cmd.common.opcode);
+                       return BLK_STS_IOERR;
+               }
                 nvme_tcp_init_iter(req, rq_data_dir(rq));
+       }

         if (rq_data_dir(rq) == WRITE &&
             req->data_len <= nvme_tcp_inline_data_size(queue))
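
Review bot: the pr_err() in the new `!req->data_len` branch is not rate limited and names neither the controller nor the queue, so on a setup where this reproduces every time it can flood the log with lines that cannot be tied to a device; printing the opcode as `%#x` and adding the queue or namespace would make the output easier to act on. For the proper patch, note that `req->data_len` is derived from `blk_rq_nr_phys_segments(rq)` while the guard tests `req->curr_bio`, so gating `nvme_tcp_init_iter()` on `req->data_len` rather than returning `BLK_STS_IOERR` would avoid failing a request that carries a bio with no payload, and a comment should say why the two can disagree.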
--


