summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKeith Busch <keith.busch@intel.com>2014-04-24 18:53:50 -0600
committerMatthew Wilcox <matthew.r.wilcox@intel.com>2014-05-05 10:41:25 -0400
commit94bbac4052eb93219ca0aa370ca741486b25fb98 (patch)
treeab2d9e4f3a69c4f751d661b7c76f751f4b6fa9c0
parent27e8166c31656f7780e682eaf6bc9c3b8dd03253 (diff)
downloadop-kernel-dev-94bbac4052eb93219ca0aa370ca741486b25fb98.zip
op-kernel-dev-94bbac4052eb93219ca0aa370ca741486b25fb98.tar.gz
NVMe: Protect against badly formatted CQEs
If a misbehaving device posts a CQE with a command id < depth but for one that was never allocated, the command info will have a callback function set to NULL and we don't want to try invoking that. Signed-off-by: Keith Busch <keith.busch@intel.com> Signed-off-by: Matthew Wilcox <matthew.r.wilcox@intel.com>
-rw-r--r--drivers/block/nvme-core.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/block/nvme-core.c b/drivers/block/nvme-core.c
index 074e982..b9f07f8 100644
--- a/drivers/block/nvme-core.c
+++ b/drivers/block/nvme-core.c
@@ -243,8 +243,9 @@ static void *free_cmdid(struct nvme_queue *nvmeq, int cmdid,
void *ctx;
struct nvme_cmd_info *info = nvme_cmd_info(nvmeq);
- if (cmdid >= nvmeq->q_depth) {
- *fn = special_completion;
+ if (cmdid >= nvmeq->q_depth || !info[cmdid].fn) {
+ if (fn)
+ *fn = special_completion;
return CMD_CTX_INVALID;
}
if (fn)
OpenPOWER on IntegriCloud