[PATCH] Fix NULL ptr deref in nvme_ctrl_fast_io_fail_tmo_store

Keith Busch kbusch at kernel.org
Tue Apr 13 21:49:15 BST 2021


On Tue, Apr 13, 2021 at 03:50:46PM +0530, Gopal Tiwari wrote:
> When trying to set fast_io_fail_tmo from /sys hit kernel crash
> 
> [ 1749.892646] RIP: 0010:nvme_ctrl_fast_io_fail_tmo_store+0x55/0x80 [nvme_core]
> [ 1749.918344] RSP: 0018:ffffb52541d53e78 EFLAGS: 00010206
> [ 1749.923550] RAX: 000000000000001e RBX: 0000000000000003 RCX: 0000000000000000
> [ 1749.930653] RDX: 000000000000001e RSI: 000000000000000a RDI: ffff98e75e774d42
> [ 1749.937760] RBP: 0000000000000000 R08: 000000000000001e R09: 0000000000000002
> [ 1749.944862] R10: 000000000000000a R11: f000000000000000 R12: 0000000000000003
> [ 1749.951968] R13: fffffffffffffff2 R14: ffffb52541d53f08 R15: ffff98e74fc240e0
> [ 1749.959072] FS:  00007fc551327740(0000) GS:ffff98e79dc40000(0000) knlGS:00000000000000000
> [ 1749.967127] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1749.972852] CR2: 0000000000000064 CR3: 000000043f53c005 CR4: 00000000003706e0
> [ 1749.979956] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 1749.987062] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [66824.400512] IPv6: ADDRCONF(NETDEV_UP): wlp0s20f3: link is not ready
> [ 1749.996612]  kernfs_fop_write+0x116/0x190
> [ 1750.000610]  vfs_write+0xa5/0x1a0
> [ 1750.003918]  ksys_write+0x4f/0xb0
> 
> Fixed by checking opts for NULL.
> 
> Fixes: 09fbed636382 (nvme: export fast_io_fail_tmo to sysfs)

How were you able to access this attribute? It doesn't pass the
.is_visible() test without ctrl->opts..


