[PATCH 1/1] nvme-tcp: fence TCP socket on transport error
Chris Leech
cleech at redhat.com
Mon Mar 20 15:09:47 PDT 2023
Ensure that no further socket reads occur after a receive processing
error, either from io_work being re-scheduled or nvme_tcp_poll.
Failing to do so can result in unrecognised PDU payloads or TCP stream
garbage being processed as a C2H data PDU, and potentially start copying
the payload to an invalid destination after looking up a request using a
bogus command id.
Signed-off-by: Chris Leech <cleech at redhat.com>
---
drivers/nvme/host/tcp.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
index 42c0598c31f2..49e8eb576527 100644
--- a/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -888,6 +888,13 @@ static int nvme_tcp_recv_skb(read_descriptor_t *desc, struct sk_buff *skb,
size_t consumed = len;
int result;
+ if (!queue->rd_enabled) {
+ /* io_work or polling happening after receive error
+ * waiting on error recovery
+ */
+ return -EFAULT;
+ }
+
while (len) {
switch (nvme_tcp_recv_state(queue)) {
case NVME_TCP_RECV_PDU:
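Review bot: the `!queue->rd_enabled` test added at the top of nvme_tcp_recv_skb() only fences the socket if rd_enabled has already been cleared by the time io_work is re-scheduled or nvme_tcp_poll runs, and this patch (7 insertions, all in this hunk) adds the read of the flag but no store to it. Please state in the commit message which existing path clears rd_enabled when receive processing fails, and whether that happens before the error is returned from this function or only later during error recovery; if it is the latter, the window described in the commit message is still open between the failed PDU and the point where the flag is cleared, and the flag should be cleared where the error is detected. The flag is also read here as a plain load, so it is worth noting what serializes this check against the writer. Two smaller points: -EFAULT is an unusual errno for "queue is fenced", so a short note on why it was chosen, and on how callers treat it, would help; and the block comment should use the usual kernel form with `/*` on its own line.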
--
2.39.2