git.ipfire.org Git - thirdparty/kernel/stable.git/commit
nvme-rdma: handle unexpected nvme completion data length
author zhenwei pi <pizhenwei@bytedance.com>
Sun, 25 Oct 2020 11:51:24 +0000 (19:51 +0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 10 Nov 2020 11:39:06 +0000 (12:39 +0100)
commit 2b8e8c4716366ccdfd5bad6e25a67dfd208555b8
tree 47b62878e139f478c9ab467eec19ea5493ecf612
parent 52f2be46098c2a2e552f5e44d8e081ebca1c173f
nvme-rdma: handle unexpected nvme completion data length

[ Upstream commit 25c1ca6ecaba3b751d3f7ff92d5cddff3b05f8d0 ]

Receiving a zero length message leads to the following warnings because
the CQE is processed twice:

refcount_t: underflow; use-after-free.
WARNING: CPU: 0 PID: 0 at lib/refcount.c:28

RIP: 0010:refcount_warn_saturate+0xd9/0xe0
Call Trace:
 <IRQ>
 nvme_rdma_recv_done+0xf3/0x280 [nvme_rdma]
 __ib_process_cq+0x76/0x150 [ib_core]
 ...

Sanity check the received data length, to avoid this.

Thanks to Chao Leng & Sagi for suggestions.

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/nvme/host/rdma.c
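
An added illustration, not the kernel patch and not code from this commit: a user-space C model of how a zero-length receive can complete the same command twice, and how a length check on the receive path stops it. The struct layout, all names, and the assumption that the reused receive buffer still holds the previous completion are hypothetical simplifications.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified 16-byte completion entry (assumed layout, not the kernel struct). */
struct cqe { uint8_t result[8]; uint16_t sq_head, sq_id, command_id, status; };
struct request { int refs; };                 /* toy in-flight command */
/* The receive buffer is reused, so it keeps the last completion written to it. */
struct queue { struct cqe rx; struct request reqs[4]; };
enum { RECV_OK = 0, RECV_BAD_LEN = -1, RECV_BAD_TAG = -2 };

/* Unchecked handler: parses the buffer no matter how many bytes arrived. */
int recv_done_unchecked(struct queue *q, size_t byte_len)
{
    (void)byte_len;
    if (q->rx.command_id >= 4)
        return RECV_BAD_TAG;
    q->reqs[q->rx.command_id].refs--;         /* drop the request reference */
    return RECV_OK;
}

/* Checked handler: anything shorter than a full entry is never parsed. */
int recv_done_checked(struct queue *q, size_t byte_len)
{
    if (byte_len < sizeof(struct cqe))
        return RECV_BAD_LEN;                  /* caller would start error handling */
    return recv_done_unchecked(q, byte_len);
}

/* One full completion for tag 1, then a zero-length message.
 * Returns the final reference count of request 1. */
int simulate(int (*handler)(struct queue *, size_t))
{
    struct queue q;
    memset(&q, 0, sizeof(q));
    q.reqs[1].refs = 1;
    q.rx.command_id = 1;                      /* constructed sample completion */
    handler(&q, sizeof(struct cqe));          /* legitimate: refs 1 -> 0 */
    handler(&q, 0);                           /* zero bytes, stale buffer contents */
    return q.reqs[1].refs;
}

int main(void)
{
    printf("unchecked: refs=%d\n", simulate(recv_done_unchecked));
    printf("checked:   refs=%d\n", simulate(recv_done_checked));
    return 0;
}
```

In the unchecked run the count drops below zero, which is the condition a refcount underflow warning like the one in the commit message reports.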