Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp2832227pxb; Mon, 1 Nov 2021 02:46:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwfTQBl7AE8Dms8UOCsyiJ6jAer5G+jVKBV2LtSzHAPvfKZpIgLdRgtUh4oiPGGVXEd+9FT X-Received: by 2002:a05:6602:2e08:: with SMTP id o8mr739064iow.178.1635760009436; Mon, 01 Nov 2021 02:46:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635760009; cv=none; d=google.com; s=arc-20160816; b=DCMTrklSWCPDhgLtYYgW5i/4AY9LRUPYDhj8eI1vSNVrry/jnmveCmN5D9oBNGkRHk Qq4QWNyplodcjsqHH0sKi0ofDyUIQTHJX6sFGvT0pMjJmbkeqY5JxXIeWE2tIXJy/x2s H4qIEfgbA5vTn9WoIwXrHU/+cqUjnX5O2JOAazkUYhFX800myEgQs3AgJ0v83WeSQZGN vhgbF/SX3/HWr46+gEbFszkCN2MerdUCotMaOPO6SYKXd2XdYsqa/ucVP2G/99A0fYqO 9h3LXqF6N/fw4j+lG12vv45VfdFy4IE8RmchMam6t4oaMl2G27z4GDN3hlKW7iU5eO4l 2Rxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6NQUrTfz76R4CGFcMZBErQbilG3iU7hWurp/rm7+jZo=; b=ezPVVa3XkMdWR4tUmuCjuf9eDkFs8qzI/v5prIcQEWXgUDNuWZx2mMe49CN2QNLOtT M8iiKT1V2O0n5dzZ1SMdrGdWDjVZieLs+l6EtEI9YZtA8EZm0y5pcSpkmPDvMvpBMcf2 aM5hnUDF+bOEj4P4UjW9jgOU4M53tGoMHFec6bgRlPBLQilLnMTao4INYK/EX6DV+oKd LOUUY1vTNuCGcJ8txwBibS57g0bnavM67eWKsq9RwPNcgbXQIyLfv95JhDw3Xmm118Ax eg9Wk01MhMvfi3AXsSgFVQvZD0KqLwa0/+q8vJ1quvsIZmg03v+yUGD704v4pXULG6ww 1FFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=bE8P0XKk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x1si18869970jas.62.2021.11.01.02.46.37; Mon, 01 Nov 2021 02:46:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=bE8P0XKk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233874AbhKAJrc (ORCPT + 99 others); Mon, 1 Nov 2021 05:47:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:47854 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233007AbhKAJlt (ORCPT ); Mon, 1 Nov 2021 05:41:49 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id D6F1B61211; Mon, 1 Nov 2021 09:28:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1635758896; bh=pHgIXB1POtNikYwjv7gLC5ojflo5367A1qs0gXt4GsY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bE8P0XKklqIgq/w+6f1wbcS64y/i/Q/e5odjtkSFv9xr4xi3eQdhPXYUyV7rUiQcc Jq75JPanKcB5NMEzq26A7c2/bJBYj/U/BTyI5UKqZMQIOBR1HMOEFtEBK/U+rzGJxf KWZ9SCBd5amXV63QVaCBQ0vQ3RiuyykZ9K8KRpzQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Keith Busch , Sagi Grimberg , Christoph Hellwig Subject: [PATCH 5.14 027/125] nvme-tcp: fix H2CData PDU send accounting (again) Date: Mon, 1 Nov 2021 10:16:40 +0100 Message-Id: <20211101082538.550696287@linuxfoundation.org> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211101082533.618411490@linuxfoundation.org> References: <20211101082533.618411490@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sagi Grimberg commit 25e1f67eda4a19c91dc05c84d6d413c53efb447b upstream. We should not access request members after the last send, even to determine if indeed it was the last data payload send. The reason is that a completion could have arrived and trigger a new execution of the request which overridden these members. This was fixed by commit 825619b09ad3 ("nvme-tcp: fix possible use-after-completion"). Commit e371af033c56 broke that assumption again to address cases where multiple r2t pdus are sent per request. To fix it, we need to record the request data_sent and data_len and after the payload network send we reference these counters to determine weather we should advance the request iterator. Fixes: e371af033c56 ("nvme-tcp: fix incorrect h2cdata pdu offset accounting") Reported-by: Keith Busch Cc: stable@vger.kernel.org # 5.10+ Signed-off-by: Sagi Grimberg Reviewed-by: Keith Busch Signed-off-by: Christoph Hellwig Signed-off-by: Greg Kroah-Hartman --- drivers/nvme/host/tcp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/nvme/host/tcp.c +++ b/drivers/nvme/host/tcp.c @@ -913,12 +913,14 @@ static void nvme_tcp_fail_request(struct static int nvme_tcp_try_send_data(struct nvme_tcp_request *req) { struct nvme_tcp_queue *queue = req->queue; + int req_data_len = req->data_len; while (true) { struct page *page = nvme_tcp_req_cur_page(req); size_t offset = nvme_tcp_req_cur_offset(req); size_t len = nvme_tcp_req_cur_length(req); bool last = nvme_tcp_pdu_last_send(req, len); + int req_data_sent = req->data_sent; int ret, flags = MSG_DONTWAIT; if (last && !queue->data_digest && !nvme_tcp_queue_more(queue)) @@ -945,7 +947,7 @@ static int nvme_tcp_try_send_data(struct * in the request where we don't want to modify it as we may * compete with the RX path completing the request. */ - if (req->data_sent + ret < req->data_len) + if (req_data_sent + ret < req_data_len) nvme_tcp_advance_req(req, ret); /* fully successful last send in current PDU */