[PATCH] nvmet-tcp: fix a segmentation fault during io parsing error
Hou Pu
houpu.main at gmail.com
Fri Mar 19 03:52:57 GMT 2021
> diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
> index 70cc507d1565..5650293acaec 100644
> --- a/drivers/nvme/target/tcp.c
> +++ b/drivers/nvme/target/tcp.c
> @@ -702,6 +702,17 @@ static int nvmet_tcp_try_send_one(struct nvmet_tcp_queue *queue,
> return 0;
> }
>
> + if (unlikely((cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
> + nvmet_tcp_has_data_in(cmd) &&
> + nvmet_tcp_has_inline_data(cmd))) {
> + /*
> + * wait for inline data before processing the response
> + * so the iov will not be freed
> + */
> + queue->snd_cmd = NULL;
> + goto done_send;
> + }
> +
Hi Elad,
Although this works, I think Sagi would prefer not adding this to the
response queue in nvmet_tcp_queue_response().
> if (cmd->state == NVMET_TCP_SEND_DATA_PDU) {
> ret = nvmet_try_send_data_pdu(cmd);
> if (ret <= 0)
> @@ -1106,7 +1117,9 @@ static int nvmet_tcp_try_recv_data(struct nvmet_tcp_queue *queue)
> if (!(cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
> cmd->rbytes_done == cmd->req.transfer_len) {
> cmd->req.execute(&cmd->req);
> - }
> + } else if ((cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
> + cmd->rbytes_done == cmd->req.transfer_len)
> + nvmet_tcp_queue_response(&cmd->req);
>
> nvmet_prepare_receive_pdu(queue);
> return 0;
> @@ -1146,6 +1159,8 @@ static int nvmet_tcp_try_recv_ddgst(struct nvmet_tcp_queue *queue)
> if (!(cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
> cmd->rbytes_done == cmd->req.transfer_len)
> cmd->req.execute(&cmd->req);
> + else if ((cmd->flags & NVMET_TCP_F_INIT_FAILED))
> + nvmet_tcp_queue_response(&cmd->req);
Here we also need to check cmd->rbytes_done == cmd->req.transfer_len as
we could get multiple data pdu.
(BTW, did you forget to add [PATCH v2] to the subject line?)
Thanks,
Hou
More information about the Linux-nvme
mailing list