[PATCH 2/2] nvmet-tcp: fix a crash in nvmet_req_complete()
Keith Busch
kbusch at kernel.org
Thu Dec 21 13:19:16 PST 2023
On Thu, Dec 21, 2023 at 05:31:54PM +0100, Maurizio Lombardi wrote:
> In nvmet_tcp_handle_h2c_data_pdu(), if the host sends a data_offset
> different from rbytes_done, the driver ends up calling nvmet_req_complete()
> passing a status error.
> The problem is that at this point cmd->req is not yet initialized;
> the kernel will crash after dereferencing a NULL pointer.
>
> Fix the bug by replacing the call to nvmet_req_complete() with
> nvmet_tcp_fatal_error().
Looks good. The bug this fixes goes back to the beginning:
Fixes: 872d26a391da92 ("nvmet-tcp: add NVMe over TCP target driver")
Reviewed-by: Keith Busch <kbsuch at kernel.org>