nvme-tcp uaf when tls setup fails

Daniel Wagner dwagner at suse.de
Mon Oct 14 06:14:58 PDT 2024


> The logs say that the connect to queue 3 fails, but it seems this
> command never got sent out (ftrace):
> 
>     kworker/4:0H-759     [004] .....  8771.165686: nvme_setup_cmd: nvme1: qid=0, cmdid=0, nsid=1, flags=0x0, meta=0x0, cmd=(nvme_fabrics_type_connect recfmt=0, qid=1, sqsize=127, cattr=0, kato=0)
>           <idle>-0       [004] ..s1.  8771.172062: nvme_complete_rq: nvme1: qid=0, cmdid=0, res=0x1, retries=0, flags=0x0, status=0x0
>     kworker/5:0H-796     [005] .....  8771.172422: nvme_setup_cmd: nvme1: qid=0, cmdid=0, nsid=1, flags=0x0, meta=0x0, cmd=(nvme_fabrics_type_connect recfmt=0, qid=2, sqsize=127, cattr=0, kato=0)
>           <idle>-0       [005] ..s1.  8771.178292: nvme_complete_rq: nvme1: qid=0, cmdid=0, res=0x1, retries=0, flags=0x0, status=0x0
> 
> And it is very reliable to reproduce it.

It is also reproducible without TLS.
