From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sagi Grimberg , Christoph Hellwig Subject: [PATCH 5.1 96/98] nvme-tcp: fix possible null deref on a timed out io queue connect Date: Thu, 20 Jun 2019 19:58:03 +0200 Message-Id: <20190620174354.249889996@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190620174349.443386789@linuxfoundation.org> References: <20190620174349.443386789@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sagi Grimberg commit f34e25898a608380a60135288019c4cb6013bec8 upstream. If I/O queue connect times out, we might have freed the queue socket already, so check for that on the error path in nvme_tcp_start_queue. Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig Signed-off-by: Greg Kroah-Hartman --- drivers/nvme/host/tcp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/nvme/host/tcp.c +++ b/drivers/nvme/host/tcp.c @@ -1423,7 +1423,8 @@ static int nvme_tcp_start_queue(struct n if (!ret) { set_bit(NVME_TCP_Q_LIVE, &ctrl->queues[idx].flags); } else { - __nvme_tcp_stop_queue(&ctrl->queues[idx]); + if (test_bit(NVME_TCP_Q_ALLOCATED, &ctrl->queues[idx].flags)) + __nvme_tcp_stop_queue(&ctrl->queues[idx]); dev_err(nctrl->device, "failed to connect queue: %d ret=%d\n", idx, ret); }
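Review bot: In the else branch of nvme_tcp_start_queue, the new test_bit(NVME_TCP_Q_ALLOCATED, &ctrl->queues[idx].flags) guard and the __nvme_tcp_stop_queue() call are two separate steps. The guard therefore only prevents the NULL dereference if the path that frees the queue socket cannot run between them. The commit message says the timeout may already have freed the socket, but neither it nor the hunk says what serializes that teardown against this error path. Please state that in the commit message or in a short comment above the check, so a later reader does not take the flag test alone as sufficient protection. A comment would also explain why NVME_TCP_Q_ALLOCATED can be clear here at all, which is not obvious from the code. As a smaller style point, &ctrl->queues[idx] now appears three times in this if/else; a local queue pointer would keep the condition on one line.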