* [PATCH] nvme-tcp: Fix UAF when detecting digest errors
@ 2022-09-05 10:54 Sagi Grimberg
2022-09-05 12:04 ` Daniel Wagner
2022-09-06 4:43 ` Christoph Hellwig
0 siblings, 2 replies; 4+ messages in thread
From: Sagi Grimberg @ 2022-09-05 10:54 UTC (permalink / raw)
To: linux-nvme, Christoph Hellwig
Cc: Keith Busch, Chaitanya Kulkarni, Daniel Wagner
We should also bail from the io_work loop when we
set rd_enabled to true, so we don't attempt to read
data from the socket when the tcp stream is already
out-of-sync or corrupted.
Fixes: 3f2304f8c6d6 ("nvme-tcp: add NVMe over TCP host driver")
Reported-by: Daniel Wagner <dwagner@suse.de>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
---
drivers/nvme/host/tcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
index 044da18c06f5..54b4e8a7fe42 100644
--- a/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -1229,7 +1229,7 @@ static void nvme_tcp_io_work(struct work_struct *w)
else if (unlikely(result < 0))
return;
- if (!pending)
+ if (!pending || !queue->rd_enabled)
return;
} while (!time_after(jiffies, deadline)); /* quota is exhausted */
--
2.34.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] nvme-tcp: Fix UAF when detecting digest errors
2022-09-05 10:54 [PATCH] nvme-tcp: Fix UAF when detecting digest errors Sagi Grimberg
@ 2022-09-05 12:04 ` Daniel Wagner
2022-09-19 7:33 ` Daniel Wagner
2022-09-06 4:43 ` Christoph Hellwig
1 sibling, 1 reply; 4+ messages in thread
From: Daniel Wagner @ 2022-09-05 12:04 UTC (permalink / raw)
To: Sagi Grimberg
Cc: linux-nvme, Christoph Hellwig, Keith Busch, Chaitanya Kulkarni
On Mon, Sep 05, 2022 at 01:54:17PM +0300, Sagi Grimberg wrote:
> We should also bail from the io_work loop when we
> set rd_enabled to true, so we don't attempt to read
> data from the socket when the tcp stream is already
> out-of-sync or corrupted.
>
> Fixes: 3f2304f8c6d6 ("nvme-tcp: add NVMe over TCP host driver")
> Reported-by: Daniel Wagner <dwagner@suse.de>
> Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Makes sense independent of my bug report. I let you know what the
outcome of our customers testing is.
Reviewed-by: Daniel Wagner <dwagner@suse.de>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] nvme-tcp: Fix UAF when detecting digest errors
2022-09-05 10:54 [PATCH] nvme-tcp: Fix UAF when detecting digest errors Sagi Grimberg
2022-09-05 12:04 ` Daniel Wagner
@ 2022-09-06 4:43 ` Christoph Hellwig
1 sibling, 0 replies; 4+ messages in thread
From: Christoph Hellwig @ 2022-09-06 4:43 UTC (permalink / raw)
To: Sagi Grimberg
Cc: linux-nvme, Christoph Hellwig, Keith Busch, Chaitanya Kulkarni,
Daniel Wagner
Thanks,
applied to nvme-6.0.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] nvme-tcp: Fix UAF when detecting digest errors
2022-09-05 12:04 ` Daniel Wagner
@ 2022-09-19 7:33 ` Daniel Wagner
0 siblings, 0 replies; 4+ messages in thread
From: Daniel Wagner @ 2022-09-19 7:33 UTC (permalink / raw)
To: Sagi Grimberg
Cc: linux-nvme, Christoph Hellwig, Keith Busch, Chaitanya Kulkarni
Hi Sagi,
On Mon, Sep 05, 2022 at 02:04:21PM +0200, Daniel Wagner wrote:
> On Mon, Sep 05, 2022 at 01:54:17PM +0300, Sagi Grimberg wrote:
> > We should also bail from the io_work loop when we
> > set rd_enabled to true, so we don't attempt to read
> > data from the socket when the tcp stream is already
> > out-of-sync or corrupted.
> >
> > Fixes: 3f2304f8c6d6 ("nvme-tcp: add NVMe over TCP host driver")
> > Reported-by: Daniel Wagner <dwagner@suse.de>
> > Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
>
> Makes sense independent of my bug report. I let you know what the
> outcome of our customers testing is.
Finally got feedback on this patch. It fixes the reported problem. The
host doesn't crash anymore:
nvme nvme10: data digest error: recv 0x0 expected 0x7b844ccf
nvme nvme10: data digest error: recv 0x0 expected 0x7b844ccf
nvme nvme10: data digest error: recv 0x0 expected 0x7b844ccf
nvme nvme10: data digest error: recv 0x0 expected 0xee74c89b
nvme nvme10: data digest error: recv 0x0 expected 0xee74c89b
nvme nvme10: data digest error: recv 0x0 expected 0x7b844ccf
Thanks!
Daniel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-09-19 7:33 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-05 10:54 [PATCH] nvme-tcp: Fix UAF when detecting digest errors Sagi Grimberg
2022-09-05 12:04 ` Daniel Wagner
2022-09-19 7:33 ` Daniel Wagner
2022-09-06 4:43 ` Christoph Hellwig
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.