* [PATCH] nvme-rdma: fix null pointer dereference on req->mr
@ 2016-09-05 15:24 ` Colin King
0 siblings, 0 replies; 6+ messages in thread
From: Colin King @ 2016-09-05 15:24 UTC (permalink / raw)
To: Keith Busch, Jens Axboe, linux-nvme; +Cc: linux-kernel
From: Colin Ian King <colin.king@canonical.com>
If there is an error on req->mr, req->mr is set to null, however
the following statement sets req->mr->need_inval causing a null
pointer dereference. Fix this by bailing out to label 'out' to
immediately return and hence skip over the offending null pointer
dereference.
Fixes: f5b7b559e1488 ("nvme-rdma: Get rid of duplicate variable")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/nvme/host/rdma.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c
index ab545fb..162b8c0 100644
--- a/drivers/nvme/host/rdma.c
+++ b/drivers/nvme/host/rdma.c
@@ -291,6 +291,7 @@ static int nvme_rdma_reinit_request(void *data, struct request *rq)
if (IS_ERR(req->mr)) {
ret = PTR_ERR(req->mr);
req->mr = NULL;
+ goto out;
}
req->mr->need_inval = false;
--
2.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] nvme-rdma: fix null pointer dereference on req->mr
@ 2016-09-05 15:24 ` Colin King
0 siblings, 0 replies; 6+ messages in thread
From: Colin King @ 2016-09-05 15:24 UTC (permalink / raw)
From: Colin Ian King <colin.king@canonical.com>
If there is an error on req->mr, req->mr is set to null, however
the following statement sets req->mr->need_inval causing a null
pointer dereference. Fix this by bailing out to label 'out' to
immediately return and hence skip over the offending null pointer
dereference.
Fixes: f5b7b559e1488 ("nvme-rdma: Get rid of duplicate variable")
Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
drivers/nvme/host/rdma.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c
index ab545fb..162b8c0 100644
--- a/drivers/nvme/host/rdma.c
+++ b/drivers/nvme/host/rdma.c
@@ -291,6 +291,7 @@ static int nvme_rdma_reinit_request(void *data, struct request *rq)
if (IS_ERR(req->mr)) {
ret = PTR_ERR(req->mr);
req->mr = NULL;
+ goto out;
}
req->mr->need_inval = false;
--
2.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] nvme-rdma: fix null pointer dereference on req->mr
2016-09-05 15:24 ` Colin King
@ 2016-09-06 6:24 ` Christoph Hellwig
-1 siblings, 0 replies; 6+ messages in thread
From: Christoph Hellwig @ 2016-09-06 6:24 UTC (permalink / raw)
To: Colin King; +Cc: Keith Busch, Jens Axboe, linux-nvme, linux-kernel
On Mon, Sep 05, 2016 at 04:24:38PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> If there is an error on req->mr, req->mr is set to null, however
> the following statement sets req->mr->need_inval causing a null
> pointer dereference. Fix this by bailing out to label 'out' to
> immediately return and hence skip over the offending null pointer
> dereference.
>
> Fixes: f5b7b559e1488 ("nvme-rdma: Get rid of duplicate variable")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
Looks fine,
Reviewed-by: Christoph Hellwig <hch@lst.de>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] nvme-rdma: fix null pointer dereference on req->mr
@ 2016-09-06 6:24 ` Christoph Hellwig
0 siblings, 0 replies; 6+ messages in thread
From: Christoph Hellwig @ 2016-09-06 6:24 UTC (permalink / raw)
On Mon, Sep 05, 2016@04:24:38PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> If there is an error on req->mr, req->mr is set to null, however
> the following statement sets req->mr->need_inval causing a null
> pointer dereference. Fix this by bailing out to label 'out' to
> immediately return and hence skip over the offending null pointer
> dereference.
>
> Fixes: f5b7b559e1488 ("nvme-rdma: Get rid of duplicate variable")
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
Looks fine,
Reviewed-by: Christoph Hellwig <hch at lst.de>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] nvme-rdma: fix null pointer dereference on req->mr
2016-09-05 15:24 ` Colin King
@ 2016-09-06 9:31 ` Sagi Grimberg
-1 siblings, 0 replies; 6+ messages in thread
From: Sagi Grimberg @ 2016-09-06 9:31 UTC (permalink / raw)
To: Colin King, Keith Busch, Jens Axboe, linux-nvme; +Cc: linux-kernel
Thanks Colin,
queued for the next round of rc fixes.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] nvme-rdma: fix null pointer dereference on req->mr
@ 2016-09-06 9:31 ` Sagi Grimberg
0 siblings, 0 replies; 6+ messages in thread
From: Sagi Grimberg @ 2016-09-06 9:31 UTC (permalink / raw)
Thanks Colin,
queued for the next round of rc fixes.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-09-06 9:31 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-05 15:24 [PATCH] nvme-rdma: fix null pointer dereference on req->mr Colin King
2016-09-05 15:24 ` Colin King
2016-09-06 6:24 ` Christoph Hellwig
2016-09-06 6:24 ` Christoph Hellwig
2016-09-06 9:31 ` Sagi Grimberg
2016-09-06 9:31 ` Sagi Grimberg
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.