[PATCH 1/1] nvme-tcp: fence TCP socket on transport error
Sagi Grimberg
sagi at grimberg.me
Tue Mar 21 01:30:24 PDT 2023
Hey Chris,
> Ensure that no further socket reads occur after a receive processing
> error, either from io_work being re-scheduled or nvme_tcp_poll.
>
> Failing to do so can result in unrecognised PDU payloads or TCP stream
> garbage being processed as a C2H data PDU, and potentially start copying
> the payload to an invalid destination after looking up a request using a
> bogus command id.
I agree with your analysis.
>
> Signed-off-by: Chris Leech <cleech at redhat.com>
> ---
> drivers/nvme/host/tcp.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
> index 42c0598c31f2..49e8eb576527 100644
> --- a/drivers/nvme/host/tcp.c
> +++ b/drivers/nvme/host/tcp.c
> @@ -888,6 +888,13 @@ static int nvme_tcp_recv_skb(read_descriptor_t *desc, struct sk_buff *skb,
> size_t consumed = len;
> int result;
>
> + if (!queue->rd_enabled) {
> + /* io_work or polling happening after receive error
> + * waiting on error recovery
> + */
> + return -EFAULT;
> + }
I think we can drop the comment, the code is somewhat self-explanatory,
if read is not enabled, we shouldn't try and read from the socket.
if (!queue->rd_enabled)
return -EFAULT;
More information about the Linux-nvme
mailing list