[PATCH] nvmet-tcp: fix a segmentation fault during io parsing error

Grupi, Elad Elad.Grupi at dell.com
Fri Mar 19 17:26:47 GMT 2021


Right, I see.

But when calling nvmet_tcp_queue_response, the flag for NVMET_TCP_F_INIT_FAILED is not yet set.
The flag is being set only after nvmet_req_init returns in nvmet_tcp_handle_req_failure.
It is possible to block in nvmet_tcp_queue_response any command that has unattended inline data. Will that work for you?

Thanks,
Elad

-----Original Message-----
From: Hou Pu <houpu.main at gmail.com> 
Sent: Friday, 19 March 2021 5:53
To: Grupi, Elad
Cc: linux-nvme at lists.infradead.org; sagi at grimberg.me; houpu.main at gmail.com
Subject: RE: [PATCH] nvmet-tcp: fix a segmentation fault during io parsing error



> diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c 
> index 70cc507d1565..5650293acaec 100644
> --- a/drivers/nvme/target/tcp.c
> +++ b/drivers/nvme/target/tcp.c
> @@ -702,6 +702,17 @@ static int nvmet_tcp_try_send_one(struct nvmet_tcp_queue *queue,
>  			return 0;
>  	}
>  
> +	if (unlikely((cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
> +			nvmet_tcp_has_data_in(cmd) &&
> +			nvmet_tcp_has_inline_data(cmd))) {
> +		/*
> +		 * wait for inline data before processing the response
> +		 * so the iov will not be freed
> +		 */
> +		queue->snd_cmd = NULL;
> +		goto done_send;
> +	}
> +

Hi Elad,
Although this works, I think Sagi would prefer not adding this to the response queue in nvmet_tcp_queue_response().


>  	if (cmd->state == NVMET_TCP_SEND_DATA_PDU) {
>  		ret = nvmet_try_send_data_pdu(cmd);
>  		if (ret <= 0)
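
Review bot: the early-exit block added ahead of the NVMET_TCP_SEND_DATA_PDU check clears queue->snd_cmd and jumps to done_send, but nothing in this hunk puts cmd back on a list, so the response is only sent if the receive path calls nvmet_tcp_queue_response() for it again later. The comment should say that, and name the condition that ends the wait. As written the test depends on NVMET_TCP_F_INIT_FAILED, nvmet_tcp_has_data_in() and nvmet_tcp_has_inline_data(), and no visible line in this patch clears the flag, so one of the two helpers has to turn false once the inline data has arrived or the re-queued response is dropped here again.
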
> @@ -1106,7 +1117,9 @@ static int nvmet_tcp_try_recv_data(struct nvmet_tcp_queue *queue)
>  	if (!(cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
>  	    cmd->rbytes_done == cmd->req.transfer_len) {
>  		cmd->req.execute(&cmd->req);
> -	}
> +	} else if ((cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
> +			cmd->rbytes_done == cmd->req.transfer_len)
> +		nvmet_tcp_queue_response(&cmd->req);
>  
>  	nvmet_prepare_receive_pdu(queue);
>  	return 0;
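
Review bot: in nvmet_tcp_try_recv_data the new else-if repeats cmd->rbytes_done == cmd->req.transfer_len from the if above it, so the two branches differ only in the NVMET_TCP_F_INIT_FAILED test. Testing the length once and then branching on the flag (execute when clear, nvmet_tcp_queue_response when set) reads more easily and keeps the two conditions from drifting apart. The if keeps its braces while the else-if body has none; the bracing should be consistent across both branches.
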
> @@ -1146,6 +1159,8 @@ static int nvmet_tcp_try_recv_ddgst(struct nvmet_tcp_queue *queue)
>  	if (!(cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
>  	    cmd->rbytes_done == cmd->req.transfer_len)
>  		cmd->req.execute(&cmd->req);
> +	else if ((cmd->flags & NVMET_TCP_F_INIT_FAILED))
> +		nvmet_tcp_queue_response(&cmd->req);
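
Review bot: the else-if added to nvmet_tcp_try_recv_ddgst queues the response on NVMET_TCP_F_INIT_FAILED alone, whereas the matching branch added to nvmet_tcp_try_recv_data also requires cmd->rbytes_done == cmd->req.transfer_len. Without that test the response can be queued while inline data for the command is still outstanding, which is the case the wait added in nvmet_tcp_try_send_one exists for. Suggest using the same condition in both places; the doubled parentheses around the flag test can go at the same time.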
 
Here we also need to check cmd->rbytes_done == cmd->req.transfer_len as we could get multiple data PDUs.

(BTW, did you forget to add [PATCH v2] to the subject line?)

Thanks,
Hou

