git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit

author	Sagi Grimberg <sagi@grimberg.me>
	Mon, 23 Mar 2020 22:06:30 +0000 (15:06 -0700)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Mon, 25 May 2020 08:41:35 +0000 (10:41 +0200)
commit	b7dbd407d52c49418dc3ad580e9c1baeb2536234
tree	7e32a8a7c61b0461a82f7a2fc60a08e124c5881d	tree
parent	3d495d1e5f173a00eaabd143862a0fc7e14bf22b	commit \| diff

nvme-tcp: fix possible crash in write_zeroes processing

BugLink: https://bugs.launchpad.net/bugs/1876361
[ Upstream commit 25e5cb780e62bde432b401f312bb847edc78b432 ]

We cannot look at blk_rq_payload_bytes without first checking
that the request has a mappable physical segments first (e.g.
blk_rq_nr_phys_segments(rq) != 0) and only then to take the
request payload bytes. This caused us to send a wrong sgl to
the target or even dereference a non-existing buffer in case
we actually got to the data send sequence (if it was in-capsule).

Reported-by: Tony Asleson <tasleson@redhat.com>
Suggested-by: Chaitanya Kulkarni <Chaitanya.Kulkarni@wdc.com>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>