Hi Sagi,
On Fri, Mar 05, 2021 at 11:57:30AM -0800, Sagi Grimberg wrote:
Daniel, again, there is nothing specific about this to nvme-tcp,
this is a safeguard against a funky controller (or a different
bug that is hidden by this).
As far I can tell, the main difference between nvme-tcp and FC/NVMe,
nvme-tcp has not a FW or a big driver which filter out some noise from a
misbehaving controller. I haven't really checked the other transports
but I wouldn't surprised they share the same properties as FC/NVMe.
The same can happen in any other transport so I would suggest that if
this is a safeguard we want to put in place, we should make it a
generic one.
i.e. nvme_tag_to_rq() that _all_ transports call consistently.
Okay, I'll review all the relevant code and see what could made more
generic and consistent.
Though I think nvme-tcp plays in a different league as it is exposed to
normal networking traffic and this is a very hostile environment.
It is, but in this situation, the controller is sending a second
completion that results in a use-after-free, which makes the
transport irrelevant. Unless there is some other flow (which is unclear
to me) that causes this which is a bug that needs to be fixed rather
than hidden with a safeguard.
