Re: [PATCH v2] nvme-tcp: fix signedness bug in nvme_tcp_init_connection()

From: Caleb Sander Mateos
Date: Wed Mar 05 2025 - 10:58:26 EST

Next message: Tamir Duberstein: "Re: [PATCH v8 4/4] scanf: break kunit into test cases"
Previous message: Christian König: "Re: [PATCH v2] drm/sched: drm_sched_job_cleanup(): correct false doc"
In reply to: Dan Carpenter: "[PATCH v2] nvme-tcp: fix signedness bug in nvme_tcp_init_connection()"
Next in thread: Keith Busch: "Re: [PATCH v2] nvme-tcp: fix signedness bug in nvme_tcp_init_connection()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Mar 5, 2025 at 7:53 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> The kernel_recvmsg() function returns an int which could be either
> negative error codes or the number of bytes received. The problem is
> that the condition:
>
> if (ret < sizeof(*icresp)) {
>
> is type promoted to type unsigned long and negative values are treated
> as high positive values which is success, when they should be treated as
> failure. Handle invalid positive returns separately from negative
> error codes to avoid this problem.
>
> Fixes: 578539e09690 ("nvme-tcp: fix connect failure on receiving partial ICResp PDU")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Reviewed-by: Caleb Sander Mateos <csander@xxxxxxxxxxxxxxx>
> Reviewed-by: Sagi Grimberg <sagi@xxxxxxxxxxx>
> Reviewed-by: Chaitanya Kulkarni <kch@xxxxxxxxxx>
> ---
> v2: Change the style. Add the Reviewed-by tags. (I will feel really bad
> if I introduced a bug in between v1 and v2 and cause everyone
> embarrassment with the R-b tags.)

Still looks good to me.
Reviewed-by: Caleb Sander Mateos <csander@xxxxxxxxxxxxxxx>

>
> drivers/nvme/host/tcp.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
> index 8a9131c95a3d..b23ce31df97d 100644
> --- a/drivers/nvme/host/tcp.c
> +++ b/drivers/nvme/host/tcp.c
> @@ -1495,11 +1495,11 @@ static int nvme_tcp_init_connection(struct nvme_tcp_queue *queue)
> msg.msg_flags = MSG_WAITALL;
> ret = kernel_recvmsg(queue->sock, &msg, &iov, 1,
> iov.iov_len, msg.msg_flags);
> - if (ret < sizeof(*icresp)) {
> + if (ret >= 0 && ret < sizeof(*icresp))
> + ret = -ECONNRESET;
> + if (ret < 0) {
> pr_warn("queue %d: failed to receive icresp, error %d\n",
> nvme_tcp_queue_id(queue), ret);

This log line is slightly less informative now if a partial PDU is
received, since it will log -ECONNRESET instead of the number of bytes
received before the connection was closed. But I think that's fine.

Best,
Caleb

> - if (ret >= 0)
> - ret = -ECONNRESET;
> goto free_icresp;
> }
> ret = -ENOTCONN;
> --
> 2.47.2
>

Next message: Tamir Duberstein: "Re: [PATCH v8 4/4] scanf: break kunit into test cases"
Previous message: Christian König: "Re: [PATCH v2] drm/sched: drm_sched_job_cleanup(): correct false doc"
In reply to: Dan Carpenter: "[PATCH v2] nvme-tcp: fix signedness bug in nvme_tcp_init_connection()"
Next in thread: Keith Busch: "Re: [PATCH v2] nvme-tcp: fix signedness bug in nvme_tcp_init_connection()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]