From: rajur@chelsio.com (Raju Rangoju)
Subject: [PATCH] nvmet-rdma: fix null dereference under heavy load
Date: Thu, 3 Jan 2019 15:01:26 +0530 [thread overview]
Message-ID: <20190103093124.GA22889@chelsio.com> (raw)
In-Reply-To: <ef4b9d98-f55d-8597-7fa0-c4e49e7e3b0c@mellanox.com>
On Wednesday, January 01/02/19, 2019@16:04:12 +0200, Max Gurtovoy wrote:
>
> On 1/2/2019 12:51 PM, Raju Rangoju wrote:
> >Under heavy load if we don't have any pre-allocated rsps left, we
> >dynamically allocate a rsp, but we are not actually allocating memory
> >for nvme_completion (rsp->req.rsp). In such a case, accessing pointer
> >fields (req->rsp->status) in nvmet_req_init() will result in crash.
> >
> >To fix this, allocate the memory for nvme_completion by calling
> >nvmet_rdma_alloc_rsp()
> >
> >fixes 8407879c(nvmet-rdma: fix possible bogus dereference under heavy
> >load)
> >
> >Signed-off-by: Raju Rangoju <rajur at chelsio.com>
> >---
> > drivers/nvme/target/rdma.c | 14 +++++++++++++-
> > 1 file changed, 13 insertions(+), 1 deletion(-)
> >
> >diff --git a/drivers/nvme/target/rdma.c b/drivers/nvme/target/rdma.c
> >index a8d23eb80192..3d02e41868b1 100644
> >--- a/drivers/nvme/target/rdma.c
> >+++ b/drivers/nvme/target/rdma.c
> >@@ -139,6 +139,10 @@ static void nvmet_rdma_recv_done(struct ib_cq *cq, struct ib_wc *wc);
> > static void nvmet_rdma_read_data_done(struct ib_cq *cq, struct ib_wc *wc);
> > static void nvmet_rdma_qp_event(struct ib_event *event, void *priv);
> > static void nvmet_rdma_queue_disconnect(struct nvmet_rdma_queue *queue);
> >+static void nvmet_rdma_free_rsp(struct nvmet_rdma_device *ndev,
> >+ struct nvmet_rdma_rsp *r);
> >+static int nvmet_rdma_alloc_rsp(struct nvmet_rdma_device *ndev,
> >+ struct nvmet_rdma_rsp *r);
> > static const struct nvmet_fabrics_ops nvmet_rdma_ops;
> >@@ -173,6 +177,7 @@ nvmet_rdma_get_rsp(struct nvmet_rdma_queue *queue)
> > {
> > struct nvmet_rdma_rsp *rsp;
> > unsigned long flags;
> >+ int ret = -EINVAL;
>
> this integer can be used inside the scope of the "if" and also maybe
> redundant (Sagi/Christoph any preferences ?)
>
> anyway please use "unlikely" in this datapath flow condition for efficiency.
>
> otherwise, looks good.
>
Will fix in v2.
> Reviewed-by: Max Gurtovoy <maxg at mellanox.com>
>
>
prev parent reply other threads:[~2019-01-03 9:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-02 10:51 [PATCH] nvmet-rdma: fix null dereference under heavy load Raju Rangoju
2019-01-02 14:04 ` Max Gurtovoy
2019-01-03 9:31 ` Raju Rangoju [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190103093124.GA22889@chelsio.com \
--to=rajur@chelsio.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.