[PATCH v2] nvme-tcp: Check if request has started before processing it

Sagi Grimberg sagi at grimberg.me
Fri Mar 5 19:57:30 GMT 2021


> blk_mq_tag_to_rq() always returns a request if the tag id is in a
> valid range [0...max_tags). If the target replies with a tag for which
> we don't have a request but it's not started, the host will likely
> corrupt data or simply crash.
> 
> Add an additional check if a request has been started; if not,
> reset the connection.
> 
> This additional check will not protect against an invalid tag which
> maps to a request which has been started. There is nothing we can do
> about this. Though it will at least protect from crashing the host,
> which is generally thought to be the right thing to do.

Daniel, again, there is nothing specific about this to nvme-tcp,
this is a safeguard against a funky controller (or a different
bug that is hidden by this). The same can happen in any other
transport so I would suggest that if this is a safeguard we
want to put in place, we should make it a generic one.

i.e. nvme_tag_to_rq() that _all_ transports call consistently.
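
The safeguard discussed in this thread, sketched as a userspace C model (an added example, not code from the patch or the kernel). `tag_to_rq()` stands in for `blk_mq_tag_to_rq()`; the request states, `checked_tag_to_rq()` and `handle_completion()` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not kernel API. */
enum rq_state { RQ_IDLE, RQ_IN_FLIGHT, RQ_COMPLETE };
struct request { enum rq_state state; int result; };

#define MAX_TAGS 4
struct tagset { struct request rqs[MAX_TAGS]; };  /* preallocated per tag */

/* Models the lookup in the commit message: any in-range tag yields a request. */
static struct request *tag_to_rq(struct tagset *ts, unsigned int tag)
{
    return tag < MAX_TAGS ? &ts->rqs[tag] : NULL;
}

/* Transport-independent check: only a started request may be completed. */
static struct request *checked_tag_to_rq(struct tagset *ts, unsigned int tag)
{
    struct request *rq = tag_to_rq(ts, tag);

    return (rq && rq->state == RQ_IN_FLIGHT) ? rq : NULL;
}

/* Returns 0 on success, -1 when the caller should reset the connection. */
static int handle_completion(struct tagset *ts, unsigned int tag, int result)
{
    struct request *rq = checked_tag_to_rq(ts, tag);

    if (!rq)
        return -1;          /* never touch a request that was not started */
    rq->result = result;
    rq->state = RQ_COMPLETE;
    return 0;
}

int main(void)
{
    struct tagset ts = { .rqs = { [1] = { .state = RQ_IN_FLIGHT } } };

    printf("started tag:      %d\n", handle_completion(&ts, 1, 0));
    printf("idle in-range tag: %d\n", handle_completion(&ts, 2, 0));
    printf("out-of-range tag:  %d\n", handle_completion(&ts, 9, 0));
    return 0;
}
```

A reply carrying a wrong tag that happens to map to a started request still passes this check, which is the limitation the commit message states.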


