[PATCH] nvme: avoid NULL pointer dereference in admin queue initialization error path

Chaitanya Kulkarni chaitanyak at nvidia.com
Thu Apr 21 15:05:20 PDT 2022


On 4/21/22 14:58, Chaitanya Kulkarni wrote:
> On 4/21/22 13:55, Smith, Kyle Miller (Nimble Kernel) wrote:
>> In nvme_alloc_admin_tags, the admin_q can be set to an error (typically
>> -ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which is
>> checked for immediately after the call. However, when we return the error
>> up the stack to nvme_reset_work the error takes us to
>> nvme_remove_dead_ctrl -> nvme_dev_disable ->
>> nvme_suspend_queue(&dev->queues[0]). Here, we only check that the admin_q
>> is non-NULL, rather than not an error or NULL, and begin quiescing a queue
>> that never existed, leading to bad / NULL pointer dereference.
>>

also consider the following commit log :-

In nvme_alloc_admin_tags, the admin_q can be set to an error (typically
-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which
is checked immediately after the call. However, when we return the error
message up the stack, to nvme_reset_work the error takes us to
nvme_remove_dead_ctrl()
  nvme_dev_disable()
   nvme_suspend_queue(&dev->queues[0]).

Here, we only check that the admin_q is non-NULL, rather than not
an error or NULL, and begin quiescing a queue that never existed, leading
to bad / NULL pointer dereference.


-ck
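The failure mode discussed in this thread, modelled in userspace as an added example (not code from the thread or from the kernel): a plain non-NULL test lets an ERR_PTR value such as ERR_PTR(-ENOMEM) through, while an error-or-NULL test rejects it. The ERR_PTR/IS_ERR/IS_ERR_OR_NULL helpers are re-implemented here to match the kernel's convention, and fake_blk_mq_init_queue, suspend_queue_nullcheck_only and suspend_queue_err_or_null are constructed stand-ins, not the nvme driver's functions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Kernel-style error-pointer helpers (re-implemented for this demo):
 * the top MAX_ERRNO addresses encode a negative errno, not a real object. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static inline long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static inline bool IS_ERR(const void *ptr)
{
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}
static inline bool IS_ERR_OR_NULL(const void *ptr) { return !ptr || IS_ERR(ptr); }

struct request_queue { int quiesced; };

/* Stand-in for blk_mq_init_queue(): on failure it returns an ERR_PTR
 * (constructed behaviour), so the result is never NULL even though it is unusable. */
static struct request_queue *fake_blk_mq_init_queue(struct request_queue *storage, bool fail)
{
    if (fail)
        return ERR_PTR(-ENOMEM);
    storage->quiesced = 0;
    return storage;
}

/* Buggy check: only tests for NULL, so an ERR_PTR is treated as a live queue.
 * Returns 1 if the queue was quiesced, 0 if skipped, -EFAULT where the real
 * code would have dereferenced the bad pointer (modelled instead of faulting). */
static int suspend_queue_nullcheck_only(struct request_queue *admin_q)
{
    if (admin_q) {
        if (IS_ERR(admin_q))
            return -EFAULT;
        admin_q->quiesced = 1;
        return 1;
    }
    return 0;
}

/* Hardened check: NULL and ERR_PTR both mean "the queue never existed". */
static int suspend_queue_err_or_null(struct request_queue *admin_q)
{
    if (IS_ERR_OR_NULL(admin_q))
        return 0;
    admin_q->quiesced = 1;
    return 1;
}
```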
