[PATCH] nvmet-tcp: fix a segmentation fault during io parsing error

Hou Pu houpu.main at gmail.com
Mon Mar 22 04:06:30 GMT 2021


On 2021/3/20 1:26 AM, Grupi, Elad wrote:
> Right, I see.
>
> But when calling nvmet_tcp_queue_response, the flag for NVMET_TCP_F_INIT_FAILED is not yet set.
> The flag is being set only after nvmet_req_init returns in nvmet_tcp_handle_req_failure.
Hmm, that's true.
> It is possible to block in nvmet_tcp_queue_response any command that has unattended inline data, will that work for you?

It's OK with me.


Thanks,

Hou


>
> Thanks,
> Elad
>
> -----Original Message-----
> From: Hou Pu <houpu.main at gmail.com>
> Sent: Friday, 19 March 2021 5:53
> To: Grupi, Elad
> Cc: linux-nvme at lists.infradead.org; sagi at grimberg.me; houpu.main at gmail.com
> Subject: RE: [PATCH] nvmet-tcp: fix a segmentation fault during io parsing error
>
>
>> diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
>> index 70cc507d1565..5650293acaec 100644
>> --- a/drivers/nvme/target/tcp.c
>> +++ b/drivers/nvme/target/tcp.c
>> @@ -702,6 +702,17 @@ static int nvmet_tcp_try_send_one(struct nvmet_tcp_queue *queue,
>>   			return 0;
>>   	}
>>   
>> +	if (unlikely((cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
>> +			nvmet_tcp_has_data_in(cmd) &&
>> +			nvmet_tcp_has_inline_data(cmd))) {
>> +		/*
>> +		 * wait for inline data before processing the response
>> +		 * so the iov will not be freed
>> +		 */
>> +		queue->snd_cmd = NULL;
>> +		goto done_send;
>> +	}
>> +
> Hi Elad,
> Although this works, I think Sagi would prefer not adding this to the response queue in nvmet_tcp_queue_response().
>
>
>>   	if (cmd->state == NVMET_TCP_SEND_DATA_PDU) {
>>   		ret = nvmet_try_send_data_pdu(cmd);
>>   		if (ret <= 0)
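
Review bot: the comment in the new NVMET_TCP_F_INIT_FAILED branch says the code waits for inline data, but the branch only clears queue->snd_cmd and jumps to done_send, and nothing in this hunk puts the command back on a queue. Say in the comment that the receive path is expected to call nvmet_tcp_queue_response() again once the data has arrived, so a reader of nvmet_tcp_try_send_one can see where the response is picked up.
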
>> @@ -1106,7 +1117,9 @@ static int nvmet_tcp_try_recv_data(struct nvmet_tcp_queue *queue)
>>   	if (!(cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
>>   	    cmd->rbytes_done == cmd->req.transfer_len) {
>>   		cmd->req.execute(&cmd->req);
>> -	}
>> +	} else if ((cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
>> +			cmd->rbytes_done == cmd->req.transfer_len)
>> +		nvmet_tcp_queue_response(&cmd->req);
>>   
>>   	nvmet_prepare_receive_pdu(queue);
>>   	return 0;
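
Review bot: in nvmet_tcp_try_recv_data the `if` branch keeps its braces while the new `else if` branch has none, and both branches repeat cmd->rbytes_done == cmd->req.transfer_len. Testing the length once and then choosing between cmd->req.execute() and nvmet_tcp_queue_response() on NVMET_TCP_F_INIT_FAILED would read more clearly; if the two-branch form stays, brace both branches.
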
>> @@ -1146,6 +1159,8 @@ static int nvmet_tcp_try_recv_ddgst(struct nvmet_tcp_queue *queue)
>>   	if (!(cmd->flags & NVMET_TCP_F_INIT_FAILED) &&
>>   	    cmd->rbytes_done == cmd->req.transfer_len)
>>   		cmd->req.execute(&cmd->req);
>> +	else if ((cmd->flags & NVMET_TCP_F_INIT_FAILED))
>> +		nvmet_tcp_queue_response(&cmd->req);
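
Review bot: the new `else if` in nvmet_tcp_try_recv_ddgst tests only NVMET_TCP_F_INIT_FAILED, while the matching branch added in nvmet_tcp_try_recv_data also requires cmd->rbytes_done == cmd->req.transfer_len, so here the response is queued for a failed command whether or not all of its data has been received. Add the same length test, and drop the doubled parentheses around the flag test.
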
>   
> Here we also need to check cmd->rbytes_done == cmd->req.transfer_len as we could get multiple data pdu.
>
> (BTW, did you forget to add [PATCH v2] to the subject line?)
>
> Thanks,
> Hou


