diff options
author | Keith Busch <keith.busch@intel.com> | 2014-04-24 18:53:50 -0600 |
---|---|---|
committer | Matthew Wilcox <matthew.r.wilcox@intel.com> | 2014-05-05 10:41:25 -0400 |
commit | 94bbac4052eb93219ca0aa370ca741486b25fb98 (patch) | |
tree | ab2d9e4f3a69c4f751d661b7c76f751f4b6fa9c0 | |
parent | 27e8166c31656f7780e682eaf6bc9c3b8dd03253 (diff) | |
download | op-kernel-dev-94bbac4052eb93219ca0aa370ca741486b25fb98.zip op-kernel-dev-94bbac4052eb93219ca0aa370ca741486b25fb98.tar.gz |
NVMe: Protect against badly formatted CQEs
If a misbehaving device posts a CQE with a command id < depth but for
one that was never allocated, the command info will have a callback
function set to NULL and we don't want to try invoking that.
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Matthew Wilcox <matthew.r.wilcox@intel.com>
-rw-r--r-- | drivers/block/nvme-core.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/block/nvme-core.c b/drivers/block/nvme-core.c index 074e982..b9f07f8 100644 --- a/drivers/block/nvme-core.c +++ b/drivers/block/nvme-core.c @@ -243,8 +243,9 @@ static void *free_cmdid(struct nvme_queue *nvmeq, int cmdid, void *ctx; struct nvme_cmd_info *info = nvme_cmd_info(nvmeq); - if (cmdid >= nvmeq->q_depth) { - *fn = special_completion; + if (cmdid >= nvmeq->q_depth || !info[cmdid].fn) { + if (fn) + *fn = special_completion; return CMD_CTX_INVALID; } if (fn) |