[PATCH v3] nvmet-tcp: fix a segmentation fault during io parsing error
Hou Pu
houpu.main at gmail.com
Tue Mar 30 05:12:19 BST 2021
On Date: Mon, 29 Mar 2021 21:01:25 +0300, Elad Grupi wrote:
> diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
> index 70cc507d1565..41102fc09595 100644
> --- a/drivers/nvme/target/tcp.c
> +++ b/drivers/nvme/target/tcp.c
> @@ -525,11 +525,34 @@ static void nvmet_tcp_queue_response(struct nvmet_req *req)
> struct nvmet_tcp_cmd *cmd =
> container_of(req, struct nvmet_tcp_cmd, req);
> struct nvmet_tcp_queue *queue = cmd->queue;
> + struct nvme_sgl_desc *sgl;
> + u32 len;
> +
> + if (unlikely(cmd == queue->cmd)) {
> + sgl = &cmd->req.cmd->common.dptr.sgl;
> + len = le32_to_cpu(sgl->length);
> +
> + /*
> + * Wait for inline data before processing the response.
> + * Avoid using helpers, this might happen before
> + * nvmet_req_init is completed.
> + */
> + if (len && cmd->rcv_state == NVMET_TCP_RECV_PDU)
> + return;
Is it queue->rcv_state ?
I tried this patch, the identify command could get here. And nvme connect could hang.
We need to figure out a way to tell if it needs abort queue the request. Or maybe we
could use the v2 version.
Thanks,
Hou
> + }
> llist_add(&cmd->lentry, &queue->resp_list);
> queue_work_on(queue_cpu(queue), nvmet_tcp_wq, &cmd->queue->io_work);
> }
More information about the Linux-nvme
mailing list