nvmet-tcp: fix possible list corruption for unexpected command failure

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

nvmet_tcp_handle_req_failure needs to understand weather to prepare
for incoming data or the next pdu. However if we misidentify this, we
will wait for 0-length data, and queue the response although nvmet_req_init
already did that.

The particular command was namespace management command with no data,
which was incorrectly categorized as a command with incapsule data.

Also, add a code comment of what we are trying to do here.

Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>

authored by

Sagi Grimberg and committed by

Christoph Hellwig 4 years ago 30e32f30 8b77fa6f

+8 -1

1 changed file

expand all

drivers

nvme

target

tcp.c

+8 -1

drivers/nvme/target/tcp.c

··· 922 922 size_t data_len = le32_to_cpu(req->cmd->common.dptr.sgl.length); 923 923 int ret; 924 924 925 - if (!nvme_is_write(cmd->req.cmd) || 925 + /* 926 + * This command has not been processed yet, hence we are trying to 927 + * figure out if there is still pending data left to receive. If 928 + * we don't, we can simply prepare for the next pdu and bail out, 929 + * otherwise we will need to prepare a buffer and receive the 930 + * stale data before continuing forward. 931 + */ 932 + if (!nvme_is_write(cmd->req.cmd) || !data_len || 926 933 data_len > cmd->req.port->inline_data_size) { 927 934 nvmet_prepare_receive_pdu(queue); 928 935 return;