Commit 94bbac40 authored by Keith Busch's avatar Keith Busch Committed by Matthew Wilcox

NVMe: Protect against badly formatted CQEs

If a misbehaving device posts a CQE with a command id < depth but for
one that was never allocated, the command info will have a callback
function set to NULL and we don't want to try invoking that.
Signed-off-by: default avatarKeith Busch <keith.busch@intel.com>
Signed-off-by: default avatarMatthew Wilcox <matthew.r.wilcox@intel.com>
parent 27e8166c
...@@ -243,8 +243,9 @@ static void *free_cmdid(struct nvme_queue *nvmeq, int cmdid, ...@@ -243,8 +243,9 @@ static void *free_cmdid(struct nvme_queue *nvmeq, int cmdid,
void *ctx; void *ctx;
struct nvme_cmd_info *info = nvme_cmd_info(nvmeq); struct nvme_cmd_info *info = nvme_cmd_info(nvmeq);
if (cmdid >= nvmeq->q_depth) { if (cmdid >= nvmeq->q_depth || !info[cmdid].fn) {
*fn = special_completion; if (fn)
*fn = special_completion;
return CMD_CTX_INVALID; return CMD_CTX_INVALID;
} }
if (fn) if (fn)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment