[PATCH] Fix NULL pointer deref in nvme_ctrl_fast_io_fail_tmo_show
Daniel Wagner
dwagner at suse.de
Tue Apr 13 10:11:44 BST 2021

On Tue, Apr 13, 2021 at 12:19:53PM +0530, Gopal Tiwari wrote:
> When accessing fast_io_fail_tmo from /sys hit kernel crash
>
> #7 [ffff9ddf82467d80] page_fault at ffffffff90e010fe
> [exception RIP: nvme_ctrl_fast_io_fail_tmo_show+22]
> RIP: ffffffffc0465116 RSP: ffff9ddf82467e38 RFLAGS: 00010286
> RAX: 0000000000000000 RBX: ffffffffc0476260 RCX: ffff8b617fe94000
> RDX: ffff8b617fe94000 RSI: ffffffffc0476260 RDI: ffff8b5e45a303a8
> RBP: ffffffff912b7d30 R8: ffff8b5e45a303b8 R9: ffff8b618dae5900
> R10: ffff8b617fe94000 R11: 0000000000000001 R12: 00000000ffffffff
> R13: 0000000000000001 R14: ffff8b617f46ee00 R15: ffff8b60e9a56380
> ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
> #8 [ffff9ddf82467e30] mutex_lock at ffffffff90d4a5ce
> #9 [ffff9ddf82467e50] sysfs_kf_seq_show at ffffffff907b0abb
>
> Fixed by checking opts for NULL.
>
> Fixes: 09fbed636382 (nvme: export fast_io_fail_tmo to sysfs)
> Signed-off-by: Gopal Tiwari <gtiwari at redhat.com>

Do the other functions like nvme_ctrl_loss_tmo_*(),
nvme_sysfs_show_address(), ... not also need this treatment?