[PATCH v2 1/1] nvme-tcp: fence TCP socket on receive error
John Meneghini
jmeneghi at redhat.com
Tue Mar 21 13:19:18 PDT 2023
Reviewed-by: John Meneghini <jmeneghi at redhat.com>
On 3/21/23 12:30, Chris Leech wrote:
> Ensure that no further socket reads occur after a receive processing
> error, either from io_work being re-scheduled or nvme_tcp_poll.
>
> Failing to do so can result in unrecognised PDU payloads or TCP stream
> garbage being processed as a C2H data PDU, and potentially start copying
> the payload to an invalid destination after looking up a request using a
> bogus command id.
>
> Signed-off-by: Chris Leech <cleech at redhat.com>
> ---
> drivers/nvme/host/tcp.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
> index 42c0598c31f2..99ad715210af 100644
> --- a/drivers/nvme/host/tcp.c
> +++ b/drivers/nvme/host/tcp.c
> @@ -888,6 +888,9 @@ static int nvme_tcp_recv_skb(read_descriptor_t *desc, struct sk_buff *skb,
> size_t consumed = len;
> int result;
>
> + if (unlikely(!queue->rd_enabled))
> + return -EFAULT;
> +
> while (len) {
> switch (nvme_tcp_recv_state(queue)) {
> case NVME_TCP_RECV_PDU:
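
Review bot: The early return added at the top of nvme_tcp_recv_skb uses -EFAULT for a queue whose receive side has been disabled, and nothing in the hunk documents why that code was chosen or what callers do with it. A short comment above `if (unlikely(!queue->rd_enabled))` saying that receive is fenced after a processing error and the skb must not be parsed would help. It is also worth confirming that both paths named in the commit message, io_work and nvme_tcp_poll, treat the negative return as terminal rather than retrying the read. The check is a plain read of rd_enabled, and the hunk does not show where the flag is cleared or under which lock, so the changelog should state what serialises the clear against a concurrent reader.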