[PATCH 0/2] nvmet-tcp: fix receive path error handling and state machine
yunje shin
yjshin0438 at gmail.com
Thu Mar 12 22:58:55 PDT 2026
On Thu, Mar 12, 2026 at 1:09 AM Maurizio Lombardi <mlombard at redhat.com> wrote:
>
> Patch 1 fixes a potential issue where network data could be read into an
> uninitialized iterator. Currently, nvmet_tcp_build_pdu_iovec() returns void,
> meaning callers are unaware if an out-of-bounds PDU length or offset triggers
> an early return. Consequently, callers blindly overwrite the queue state to
> NVMET_TCP_RECV_DATA. This patch modifies the function to return an error code,
> shifting the handling responsibility to the callers to ensure proper socket
> teardown.
Thank you for the patchset — the error propagation cleanup looks
really clean and makes the receive path error handling much clearer.
I've been trying to reproduce this crash scenario on my end [1],
but I haven't been able to trigger it reliably in my test
environment so far.
If you have a crash log or call trace available, could you share it?
It would really help me verify that my test setup is exercising
the right code path.
[1] https://lore.kernel.org/linux-nvme/DGUSGT9WLRH8.GBZ0CM62IV9T@arkamax.eu/
Best regards,
Yunje
More information about the Linux-nvme
mailing list