[PATCH v4] nvmet-tcp: fix a segmentation fault during io parsing error
Hou Pu
houpu.main at gmail.com
Wed Mar 31 08:48:56 BST 2021
On Tue, 30 Mar 2021 20:24:07 +0300, Elad wrote:
> @@ -960,7 +981,7 @@ static int nvmet_tcp_done_recv_pdu(struct nvmet_tcp_queue *queue)
> le32_to_cpu(req->cmd->common.dptr.sgl.length));
>
> nvmet_tcp_handle_req_failure(queue, queue->cmd, req);
> - return -EAGAIN;
> + return 0;
> }
>
> ret = nvmet_tcp_map_data(queue->cmd);
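Review bot: The new "return 0" in the failure branch, directly after nvmet_tcp_handle_req_failure(queue, queue->cmd, req), makes this error path indistinguishable from success for the caller of nvmet_tcp_done_recv_pdu(), and nothing in the hunk documents why. Suggest a short comment above the return stating what state the failed cmd is left in after nvmet_tcp_handle_req_failure() and what the caller is expected to do next, so the switch away from -EAGAIN does not read as an accidentally dropped error.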
Hi Elad
By returning 0, the response is queued twice before it is taken off the
list. Even when still returning -EAGAIN, the cmd could still potentially be
queued twice.
I think we'd better not queue the failed cmd in the first place.
Please see my following fix later.
Thanks,
Hou