[PATCH] nvme-tcp: Fix UAF when detecting digest errors
Daniel Wagner
dwagner at suse.de
Mon Sep 19 00:33:12 PDT 2022
Hi Sagi,
On Mon, Sep 05, 2022 at 02:04:21PM +0200, Daniel Wagner wrote:
> On Mon, Sep 05, 2022 at 01:54:17PM +0300, Sagi Grimberg wrote:
> > We should also bail from the io_work loop when we
> > set rd_enabled to true, so we don't attempt to read
> > data from the socket when the tcp stream is already
> > out-of-sync or corrupted.
> >
> > Fixes: 3f2304f8c6d6 ("nvme-tcp: add NVMe over TCP host driver")
> > Reported-by: Daniel Wagner <dwagner at suse.de>
> > Signed-off-by: Sagi Grimberg <sagi at grimberg.me>
>
> Makes sense independent of my bug report. I let you know what the
> outcome of our customers testing is.
Finally got feedback on this patch. It fixes the reported problem. The
host doesn't crash anymore:
nvme nvme10: data digest error: recv 0x0 expected 0x7b844ccf
nvme nvme10: data digest error: recv 0x0 expected 0x7b844ccf
nvme nvme10: data digest error: recv 0x0 expected 0x7b844ccf
nvme nvme10: data digest error: recv 0x0 expected 0xee74c89b
nvme nvme10: data digest error: recv 0x0 expected 0xee74c89b
nvme nvme10: data digest error: recv 0x0 expected 0x7b844ccf
Thanks!
Daniel
More information about the Linux-nvme
mailing list