nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

	return queue - queue->ctrl->queues;

}

static inline bool nvme_tcp_recv_pdu_supported(enum nvme_tcp_pdu_type type)

{

	switch (type) {

	case nvme_tcp_c2h_term:

	case nvme_tcp_c2h_data:

	case nvme_tcp_r2t:

	case nvme_tcp_rsp:

		return true;

	default:

		return false;

	}

}

/*

 * Check if the queue is TLS encrypted

 */

		return 0;

	hdr = queue->pdu;

	if (unlikely(hdr->hlen != sizeof(struct nvme_tcp_rsp_pdu))) {

		if (!nvme_tcp_recv_pdu_supported(hdr->type))

			goto unsupported_pdu;

		dev_err(queue->ctrl->ctrl.device,

			"pdu type %d has unexpected header length (%d)\n",

			hdr->type, hdr->hlen);

		return -EPROTO;

	}

	if (unlikely(hdr->type == nvme_tcp_c2h_term)) {

		/*

		 * C2HTermReq never includes Header or Data digests.

		nvme_tcp_init_recv_ctx(queue);

		return nvme_tcp_handle_r2t(queue, (void *)queue->pdu);

	default:

		goto unsupported_pdu;

	}

unsupported_pdu:

	dev_err(queue->ctrl->ctrl.device,

		"unsupported pdu type (%d)\n", hdr->type);

	return -EINVAL;

}

}

static inline void nvme_tcp_end_request(struct request *rq, u16 status)

{