nvme-tcp: don't access released socket during error recovery
While the error recovery work is temporarily failing reconnect attempts,
running the 'nvme list' command causes a kernel NULL pointer dereference
by calling getsockname() with a released socket.

During error recovery work, the nvme tcp socket is released and a new one
created, so it is not safe to access the socket without a proper check.

Signed-off-by: Akinobu Mita <[email protected]>
Fixes: 02c57a8 ("nvme-tcp: print actual source IP address through sysfs "address" attr")
Reviewed-by: Martin Belanger <[email protected]>
Reviewed-by: Hannes Reinecke <[email protected]>
Signed-off-by: Christoph Hellwig <[email protected]>
mita authored and Christoph Hellwig committed Feb 28, 2023
1 parent 51d24f7 commit 76d54bf
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions drivers/nvme/host/tcp.c
Expand Up @@ -2489,13 +2489,19 @@ static int nvme_tcp_get_address(struct nvme_ctrl *ctrl, char *buf, int size)

len = nvmf_get_address(ctrl, buf, size);

mutex_lock(&queue->queue_lock);

if (!test_bit(NVME_TCP_Q_LIVE, &queue->flags))
goto done;
ret = kernel_getsockname(queue->sock, (struct sockaddr *)&src_addr);
if (ret > 0) {
if (len > 0)
len--; /* strip trailing newline */
len += scnprintf(buf + len, size - len, "%ssrc_addr=%pISc\n",
(len) ? "," : "", &src_addr);
}
done:
mutex_unlock(&queue->queue_lock);

return len;
}
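
Review bot: The NVME_TCP_Q_LIVE test that guards kernel_getsockname() is only safe if every path that releases queue->sock also clears that bit while holding queue->queue_lock, and nothing in this hunk shows that pairing. Please add a short comment above the test_bit() check stating the invariant and naming the teardown path that upholds it, so that a later change to the release path does not reopen the NULL dereference. It is also worth noting in that comment that a non-live queue takes the "goto done" branch and returns the nvmf_get_address() output without the src_addr field, so readers of the sysfs attribute know the field can be absent during error recovery.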