Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 94bbac40 authored by Keith Busch's avatar Keith Busch Committed by Matthew Wilcox
Browse files

NVMe: Protect against badly formatted CQEs 



If a misbehaving device posts a CQE with a command id < depth but for
one that was never allocated, the command info will have a callback
function set to NULL and we don't want to try invoking that.

Signed-off-by: default avatarKeith Busch <keith.busch@intel.com>
Signed-off-by: default avatarMatthew Wilcox <matthew.r.wilcox@intel.com>
parent 27e8166c

drivers/block/nvme-core.c

+3 −2
Original line number Original line Diff line number Diff line
@@ -243,7 +243,8 @@ static void *free_cmdid(struct nvme_queue *nvmeq, int cmdid, 
	void *ctx;

	void *ctx;

	struct nvme_cmd_info *info = nvme_cmd_info(nvmeq);

	struct nvme_cmd_info *info = nvme_cmd_info(nvmeq);





	if (cmdid >= nvmeq->q_depth) {

	if (cmdid >= nvmeq->q_depth || !info[cmdid].fn) {

		if (fn)

			*fn = special_completion;

			*fn = special_completion;

		return CMD_CTX_INVALID;

		return CMD_CTX_INVALID;

	}

	}