nvme-tcp: fix possible null deref on a timed out io queue connect
author Sagi Grimberg <sagi@grimberg.me>
Mon, 29 Apr 2019 23:25:48 +0000 (16:25 -0700)
committer Christoph Hellwig <hch@lst.de>
Wed, 1 May 2019 13:17:15 +0000 (09:17 -0400)
If I/O queue connect times out, we might have freed the queue socket
already, so check for that on the error path in nvme_tcp_start_queue.

Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
drivers/nvme/host/tcp.c

index 2405bb9..2b107a1 100644 (file)
@@ -1423,7 +1423,8 @@ static int nvme_tcp_start_queue(struct nvme_ctrl *nctrl, int idx)
        if (!ret) {
                set_bit(NVME_TCP_Q_LIVE, &ctrl->queues[idx].flags);
        } else {
-               __nvme_tcp_stop_queue(&ctrl->queues[idx]);
+               if (test_bit(NVME_TCP_Q_ALLOCATED, &ctrl->queues[idx].flags))
+                       __nvme_tcp_stop_queue(&ctrl->queues[idx]);
                dev_err(nctrl->device,
                        "failed to connect queue: %d ret=%d\n", idx, ret);
        }
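
Review bot: the new test_bit(NVME_TCP_Q_ALLOCATED, &ctrl->queues[idx].flags) guard in the else branch is a check followed by a separate call, and nothing in this hunk shows what serialises it against the path that frees the queue socket on a connect timeout. If that free can run concurrently with nvme_tcp_start_queue, the flag could be cleared between the test and __nvme_tcp_stop_queue(&ctrl->queues[idx]), leaving the dereference described in the commit message still reachable. Please say in the commit message, or in a comment above the check, what ordering guarantees the flag is stable at this point, or make the test and the teardown atomic with respect to the free path. A one-line comment on why a queue without NVME_TCP_Q_ALLOCATED can reach this error path would also help later readers, since the dev_err that follows is still printed in that case.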