[PATCH] nvme-tcp: fix possible data corruption with bio merges
Christoph Hellwig
hch at lst.de
Wed Jan 13 13:31:42 EST 2021
> static inline size_t nvme_tcp_req_cur_length(struct nvme_tcp_request *req)
> {
> - return min_t(size_t, req->iter.bvec->bv_len - req->iter.iov_offset,
> - req->pdu_len - req->pdu_sent);
> + return min_t(size_t, req->iter.count,
> + min_t(size_t, req->iter.bvec->bv_len - req->iter.iov_offset,
> + req->pdu_len - req->pdu_sent));
We are not supposed to directly poke into an iov_iter.
I suspect this should be something like:
return min_t(size_t, iov_iter_single_seg_count(&req->iter),
req->pdu_len - req->pdu_sent);
More information about the Linux-nvme
mailing list