Null pointer dereference in nvme_ctrl_reconnect_delay_show
Sagi Grimberg
sagi at grimberg.me
Mon Aug 24 18:50:30 EDT 2020
> Hi all,
>
> I hope this is the right channel for bug reports regarding the NVMe subsystem.
>
> Trying to read sysfs attributes of an NVMe drive resulted in a null pointer dereference on 5.9.0-rc2.
>
> The precise command was:
> udevadm info --attribute-walk --path=/sys/block/nvme0n1
>
> Using strace, I found out that the bug occurs reproducibly when reading
> /sys/block/nvme0n1/device/ctrl_loss_tmo
>
> I could further determine that ctrl->opts is not set in the struct nvme_ctrl in nvme_ctrl_reconnect_delay_show.
>
> I could reproduce this bug with the latest NVMe fixes (commit c41c3ec4) as well.
Yep, thanks for reporting, this should fix the issue:
nvme: Fix NULL dereference for pci nvme controllers
PCIe controllers do not have fabric opts, verify they exist before
showing ctrl_loss_tmo or reconnect_delay attributes.
Fixes: 764075fdcb2f ("nvme: expose reconnect_delay and ctrl_loss_tmo via
sysfs")
Reported-by: Tobias Markus <tobias at markus-regensburg.de>
Signed-off-by: Sagi Grimberg <sagi at grimberg.me>
---
drivers/nvme/host/core.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 537dcd900cb5..2039f5dac4f4 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -3676,6 +3676,12 @@ static umode_t nvme_dev_attrs_are_visible(struct
kobject *kobj,
return 0;
if (a == &dev_attr_hostid.attr && !ctrl->opts)
return 0;
+ if (a == &dev_attr_hostid.attr && !ctrl->opts)
+ return 0;
+ if (a == &dev_attr_ctrl_loss_tmo.attr && !ctrl->opts)
+ return 0;
+ if (a == &dev_attr_reconnect_delay.attr && !ctrl->opts)
+ return 0;
return a->mode;
}
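Review bot: the first added pair, `if (a == &dev_attr_hostid.attr && !ctrl->opts)` followed by `return 0;`, is identical to the two unchanged context lines directly above it, so it can never change the result. Drop that pair and keep only the `dev_attr_ctrl_loss_tmo` and `dev_attr_reconnect_delay` checks, which brings the change to 4 insertions rather than the 6 in the diffstat. The two remaining checks are what the commit message describes: without `ctrl->opts` the function returns 0 for those attributes instead of `a->mode`.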
--
Will send a patch