[PATCH] nvme-tcp: fix a segmentation fault during io parsing error
Sagi Grimberg
sagi at grimberg.me
Wed Jan 13 17:47:18 EST 2021
Hey Elad,
> From: Elad Grupi <elad.grupi at dell.com>
>
> In case there is an io that contains inline data and it goes to
> parsing error flow, command response will free command and iov
> before clearing the data on the socket buffer.
> This will delay the command response until receive flow is completed.
>
> Signed-off-by: Elad Grupi <elad.grupi at dell.com>
> ---
> drivers/nvme/target/tcp.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
> index d535080b781f..dea94da4c9ba 100644
> --- a/drivers/nvme/target/tcp.c
> +++ b/drivers/nvme/target/tcp.c
> @@ -146,6 +146,7 @@ static struct workqueue_struct *nvmet_tcp_wq;
> static struct nvmet_fabrics_ops nvmet_tcp_ops;
> static void nvmet_tcp_free_cmd(struct nvmet_tcp_cmd *c);
> static void nvmet_tcp_finish_cmd(struct nvmet_tcp_cmd *cmd);
> +static void nvmet_tcp_queue_response(struct nvmet_req *req);
>
> static inline u16 nvmet_tcp_cmd_tag(struct nvmet_tcp_queue *queue,
> struct nvmet_tcp_cmd *cmd)
> @@ -476,7 +477,11 @@ static struct nvmet_tcp_cmd *nvmet_tcp_fetch_cmd(struct nvmet_tcp_queue *queue)
> nvmet_setup_c2h_data_pdu(queue->snd_cmd);
> else if (nvmet_tcp_need_data_in(queue->snd_cmd))
> nvmet_setup_r2t_pdu(queue->snd_cmd);
> - else
> + else if (nvmet_tcp_has_data_in(queue->snd_cmd) &&
> + nvmet_tcp_has_inline_data(queue->snd_cmd)) {
This deserves a comment I think.
Did you get a chance to look into what I sent you guys?
> + nvmet_tcp_queue_response(&queue->snd_cmd->req);
> + queue->snd_cmd = NULL;
> + } else
> nvmet_setup_response_pdu(queue->snd_cmd);
>
> return queue->snd_cmd;
>
More information about the Linux-nvme
mailing list