> diff --git a/drivers/nvme/target/rdma.c b/drivers/nvme/target/rdma.c > index 1b6264fa5803..becebc95f349 100644 > --- a/drivers/nvme/target/rdma.c > +++ b/drivers/nvme/target/rdma.c > @@ -1770,8 +1770,10 @@ static int nvmet_rdma_cm_handler(struct rdma_cm_id *cm_id, > ret = nvmet_rdma_queue_connect(cm_id, event); > break; > case RDMA_CM_EVENT_ESTABLISHED: > - nvmet_rdma_queue_established(queue); > - break; > + if (!queue) { > + nvmet_rdma_queue_established(queue); > + break; > + } This, and the other hunks, just look like nonsense. Why on earth verify that the queue is NULL, then not use NULL after that. Let alone that whatever you pass it into happily dereference it, and now you've also got fallthrough errors all over the place. This needs to go back to the drawing board. I'd worry a lot more about bad code than "potentially malicious hardware", to be honest. -- Jens Axboe