From: Daniel Wagner <dwagner@suse.de>
To: linux-nvme@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
Sagi Grimberg <sagi@grimberg.me>, Keith Busch <kbusch@kernel.org>,
James Smart <james.smart@broadcom.com>,
Hannes Reinecke <hare@suse.de>, Daniel Wagner <dwagner@suse.de>
Subject: [PATCH v3 03/16] nvmet-trace: avoid dereferencing pointer too early
Date: Mon, 18 Dec 2023 16:30:51 +0100 [thread overview]
Message-ID: <20231218153105.12717-4-dwagner@suse.de> (raw)
In-Reply-To: <20231218153105.12717-1-dwagner@suse.de>
The first command issued from the host to the target is the fabrics
connect command. At this point, neither the target queue nor the
controller have been allocated. But we already try to trace this command
in nvmet_req_init.
Reported by KASAN.
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Daniel Wagner <dwagner@suse.de>
---
drivers/nvme/target/trace.c | 6 +++---
drivers/nvme/target/trace.h | 28 +++++++++++++++++-----------
2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/drivers/nvme/target/trace.c b/drivers/nvme/target/trace.c
index bff454d46255..6ee1f3db81d0 100644
--- a/drivers/nvme/target/trace.c
+++ b/drivers/nvme/target/trace.c
@@ -211,7 +211,7 @@ const char *nvmet_trace_disk_name(struct trace_seq *p, char *name)
return ret;
}
-const char *nvmet_trace_ctrl_name(struct trace_seq *p, struct nvmet_ctrl *ctrl)
+const char *nvmet_trace_ctrl_id(struct trace_seq *p, u16 ctrl_id)
{
const char *ret = trace_seq_buffer_ptr(p);
@@ -224,8 +224,8 @@ const char *nvmet_trace_ctrl_name(struct trace_seq *p, struct nvmet_ctrl *ctrl)
* If we can know the extra data of the connect command in this stage,
* we can update this print statement later.
*/
- if (ctrl)
- trace_seq_printf(p, "%d", ctrl->cntlid);
+ if (ctrl_id)
+ trace_seq_printf(p, "%d", ctrl_id);
else
trace_seq_printf(p, "_");
trace_seq_putc(p, 0);
diff --git a/drivers/nvme/target/trace.h b/drivers/nvme/target/trace.h
index 6109b3806b12..68f5317b1251 100644
--- a/drivers/nvme/target/trace.h
+++ b/drivers/nvme/target/trace.h
@@ -32,18 +32,24 @@ const char *nvmet_trace_parse_fabrics_cmd(struct trace_seq *p, u8 fctype,
nvmet_trace_parse_nvm_cmd(p, opcode, cdw10) : \
nvmet_trace_parse_admin_cmd(p, opcode, cdw10)))
-const char *nvmet_trace_ctrl_name(struct trace_seq *p, struct nvmet_ctrl *ctrl);
-#define __print_ctrl_name(ctrl) \
- nvmet_trace_ctrl_name(p, ctrl)
+const char *nvmet_trace_ctrl_id(struct trace_seq *p, u16 ctrl_id);
+#define __print_ctrl_id(ctrl_id) \
+ nvmet_trace_ctrl_id(p, ctrl_id)
const char *nvmet_trace_disk_name(struct trace_seq *p, char *name);
#define __print_disk_name(name) \
nvmet_trace_disk_name(p, name)
#ifndef TRACE_HEADER_MULTI_READ
-static inline struct nvmet_ctrl *nvmet_req_to_ctrl(struct nvmet_req *req)
+static inline u16 nvmet_req_to_ctrl_id(struct nvmet_req *req)
{
- return req->sq->ctrl;
+ /*
+ * The queue and controller pointer are not valid until an association
+ * has been established.
+ */
+ if (!req->sq || !req->sq->ctrl)
+ return 0;
+ return req->sq->ctrl->cntlid;
}
static inline void __assign_req_name(char *name, struct nvmet_req *req)
@@ -63,7 +69,7 @@ TRACE_EVENT(nvmet_req_init,
TP_ARGS(req, cmd),
TP_STRUCT__entry(
__field(struct nvme_command *, cmd)
- __field(struct nvmet_ctrl *, ctrl)
+ __field(u16, ctrl_id)
__array(char, disk, DISK_NAME_LEN)
__field(int, qid)
__field(u16, cid)
@@ -76,7 +82,7 @@ TRACE_EVENT(nvmet_req_init,
),
TP_fast_assign(
__entry->cmd = cmd;
- __entry->ctrl = nvmet_req_to_ctrl(req);
+ __entry->ctrl_id = nvmet_req_to_ctrl_id(req);
__assign_req_name(__entry->disk, req);
__entry->qid = req->sq->qid;
__entry->cid = cmd->common.command_id;
@@ -90,7 +96,7 @@ TRACE_EVENT(nvmet_req_init,
),
TP_printk("nvmet%s: %sqid=%d, cmdid=%u, nsid=%u, flags=%#x, "
"meta=%#llx, cmd=(%s, %s)",
- __print_ctrl_name(__entry->ctrl),
+ __print_ctrl_id(__entry->ctrl_id),
__print_disk_name(__entry->disk),
__entry->qid, __entry->cid, __entry->nsid,
__entry->flags, __entry->metadata,
@@ -104,7 +110,7 @@ TRACE_EVENT(nvmet_req_complete,
TP_PROTO(struct nvmet_req *req),
TP_ARGS(req),
TP_STRUCT__entry(
- __field(struct nvmet_ctrl *, ctrl)
+ __field(u16, ctrl_id)
__array(char, disk, DISK_NAME_LEN)
__field(int, qid)
__field(int, cid)
@@ -112,7 +118,7 @@ TRACE_EVENT(nvmet_req_complete,
__field(u16, status)
),
TP_fast_assign(
- __entry->ctrl = nvmet_req_to_ctrl(req);
+ __entry->ctrl_id = nvmet_req_to_ctrl_id(req);
__entry->qid = req->cq->qid;
__entry->cid = req->cqe->command_id;
__entry->result = le64_to_cpu(req->cqe->result.u64);
@@ -120,7 +126,7 @@ TRACE_EVENT(nvmet_req_complete,
__assign_req_name(__entry->disk, req);
),
TP_printk("nvmet%s: %sqid=%d, cmdid=%u, res=%#llx, status=%#x",
- __print_ctrl_name(__entry->ctrl),
+ __print_ctrl_id(__entry->ctrl_id),
__print_disk_name(__entry->disk),
__entry->qid, __entry->cid, __entry->result, __entry->status)
--
2.43.0
next prev parent reply other threads:[~2023-12-18 15:40 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-18 15:30 [PATCH v3 00/17] enable nvmet-fc for blktests Daniel Wagner
2023-12-18 15:30 ` [PATCH v3 01/16] nvmet: report ioccsz and iorcsz for disc ctrl Daniel Wagner
2023-12-19 4:27 ` Christoph Hellwig
2023-12-20 0:50 ` Max Gurtovoy
2023-12-19 7:24 ` Hannes Reinecke
2023-12-19 15:15 ` Daniel Wagner
2023-12-18 15:30 ` [PATCH v3 02/16] nvmet-fc: remove unnecessary bracket Daniel Wagner
2023-12-19 4:27 ` Christoph Hellwig
2023-12-19 7:25 ` Hannes Reinecke
2023-12-18 15:30 ` Daniel Wagner [this message]
2023-12-19 4:29 ` [PATCH v3 03/16] nvmet-trace: avoid dereferencing pointer too early Christoph Hellwig
2023-12-18 15:30 ` [PATCH v3 04/16] nvmet-trace: null terminate device name string correctly Daniel Wagner
2023-12-19 4:29 ` Christoph Hellwig
2023-12-18 15:30 ` [PATCH v3 05/16] nvmet-fcloop: Remove remote port from list when unlinking Daniel Wagner
2023-12-19 4:31 ` Christoph Hellwig
2023-12-19 7:26 ` Hannes Reinecke
2023-12-18 15:30 ` [PATCH v3 06/16] nvme-fc: Do not wait in vain when unloading module Daniel Wagner
2023-12-19 4:35 ` Christoph Hellwig
2024-01-05 5:05 ` Keith Busch
2023-12-19 7:28 ` Hannes Reinecke
2023-12-18 15:30 ` [PATCH v3 07/16] nvmet-fc: Release reference on target port Daniel Wagner
2023-12-19 4:36 ` Christoph Hellwig
2023-12-19 7:28 ` Hannes Reinecke
2023-12-18 15:30 ` [PATCH v3 08/16] nvmet-fc: untangle cross refcounting objects Daniel Wagner
2023-12-19 5:16 ` Christoph Hellwig
2023-12-21 9:15 ` Daniel Wagner
2024-01-26 15:32 ` Daniel Wagner
2023-12-19 7:59 ` Hannes Reinecke
2023-12-18 15:30 ` [PATCH v3 09/16] nvmet-fc: free queue and assoc directly Daniel Wagner
2023-12-19 7:59 ` Hannes Reinecke
2023-12-18 15:30 ` [PATCH v3 10/16] nvmet-fc: hold reference on hostport match Daniel Wagner
2023-12-19 8:00 ` Hannes Reinecke
2023-12-18 15:30 ` [PATCH v3 11/16] nvmet-fc: remove null hostport pointer check Daniel Wagner
2023-12-19 11:37 ` Hannes Reinecke
2023-12-18 15:31 ` [PATCH v3 12/16] nvmet-fc: do not tack refs on tgtports from assoc Daniel Wagner
2023-12-19 11:38 ` Hannes Reinecke
2023-12-18 15:31 ` [PATCH v3 13/16] nvmet-fc: abort command if when there is binding Daniel Wagner
2023-12-19 11:39 ` Hannes Reinecke
2023-12-18 15:31 ` [PATCH v3 14/16] nvmet-fc: free hostport after release reference to tgtport Daniel Wagner
2023-12-19 11:41 ` Hannes Reinecke
2023-12-18 15:31 ` [PATCH v3 15/16] nvmet-fc: avoid deadlock on delete association path Daniel Wagner
2023-12-19 6:00 ` kernel test robot
2023-12-19 8:29 ` kernel test robot
2023-12-19 11:17 ` kernel test robot
2023-12-19 11:43 ` Hannes Reinecke
2023-12-18 15:31 ` [PATCH v3 16/16] nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner
2023-12-19 11:47 ` Hannes Reinecke
2023-12-18 15:31 ` [PATCH v3 17/17] nvmet-fc: add extensive debug logging Daniel Wagner
2023-12-19 11:54 ` Hannes Reinecke
2023-12-19 14:06 ` Daniel Wagner
2023-12-18 16:10 ` [PATCH v3 00/17] enable nvmet-fc for blktests Maurizio Lombardi
2024-01-02 21:36 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231218153105.12717-4-dwagner@suse.de \
--to=dwagner@suse.de \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=james.smart@broadcom.com \
--cc=kbusch@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox