nvme-tcp: fix possible req->offset corruption - kernel

diff options

author	Varun Prakash <[email protected]>	2021-10-26 13:31:55 +0000
committer	Christoph Hellwig <[email protected]>	2021-10-27 05:58:26 +0000
commit	ce7723e9cdae4eb3030da082876580f4b2dc0861 (patch)
tree	a5e1471acc87c1d2c157b04d2efe2658eb62a3f8 /scripts/gcc-plugins/randomize_layout_plugin.c
parent	nvme-tcp: fix H2CData PDU send accounting (again) (diff)
download	kernel-ce7723e9cdae4eb3030da082876580f4b2dc0861.tar.gz kernel-ce7723e9cdae4eb3030da082876580f4b2dc0861.zip

nvme-tcp: fix possible req->offset corruption

With commit db5ad6b7f8cd ("nvme-tcp: try to send request in queue_rq context") r2t and response PDU can get processed while send function is executing. Current data digest send code uses req->offset after kernel_sendmsg(), this creates a race condition where req->offset gets reset before it is used in send function. This can happen in two cases - 1. Target sends r2t PDU which resets req->offset. 2. Target send response PDU which completes the req and then req is used for a new command, nvme_tcp_setup_cmd_pdu() resets req->offset. Fix this by storing req->offset in a local variable and using this local variable after kernel_sendmsg(). Fixes: db5ad6b7f8cd ("nvme-tcp: try to send request in queue_rq context") Signed-off-by: Varun Prakash <[email protected]> Reviewed-by: Keith Busch <[email protected]> Reviewed-by: Sagi Grimberg <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]>

Diffstat (limited to 'scripts/gcc-plugins/randomize_layout_plugin.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: