Commit 528361c4 authored Mar 05, 2025 by Dan Carpenter Committed by Keith Busch Mar 05, 2025

nvme-tcp: fix signedness bug in nvme_tcp_init_connection()



The kernel_recvmsg() function returns an int which could be either
negative error codes or the number of bytes received.  The problem is
that the condition:

        if (ret < sizeof(*icresp)) {

is type promoted to type unsigned long and negative values are treated
as high positive values which is success, when they should be treated as
failure.  Handle invalid positive returns separately from negative
error codes to avoid this problem.

Fixes: 578539e0 ("nvme-tcp: fix connect failure on receiving partial ICResp PDU")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Caleb Sander Mateos <csander@purestorage.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>

parent a16f8896

drivers/nvme/host/tcp.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -1521,11 +1521,11 @@ static int nvme_tcp_init_connection(struct nvme_tcp_queue *queue)
		msg.msg_flags = MSG_WAITALL;
		ret = kernel_recvmsg(queue->sock, &msg, &iov, 1,
		iov.iov_len, msg.msg_flags);
		if (ret < sizeof(*icresp)) {
		if (ret >= 0 && ret < sizeof(*icresp))
		ret = -ECONNRESET;
		if (ret < 0) {
		pr_warn("queue %d: failed to receive icresp, error %d\n",
		nvme_tcp_queue_id(queue), ret);
		if (ret >= 0)
		ret = -ECONNRESET;
		goto free_icresp;
		}
		ret = -ENOTCONN;