nvmet-tcp: fix a crash in nvmet_req_complete()
[ Upstream commit 0849a544 ] in nvmet_tcp_handle_h2c_data_pdu(), if the host sends a data_offset different from rbytes_done, the driver ends up calling nvmet_req_complete() passing a status error. The problem is that at this point cmd->req is not yet initialized, the kernel will crash after dereferencing a NULL pointer. Fix the bug by replacing the call to nvmet_req_complete() with nvmet_tcp_fatal_error(). Fixes: 872d26a3 ("nvmet-tcp: add NVMe over TCP target driver") Reviewed-by:Keith Busch <kbsuch@kernel.org> Reviewed-by:
Sagi Grimberg <sagi@grimberg.me> Signed-off-by:
Maurizio Lombardi <mlombard@redhat.com> Signed-off-by:
Keith Busch <kbusch@kernel.org> Signed-off-by:
Sasha Levin <sashal@kernel.org>
Loading
Please register or sign in to comment