[PATCH] nvme: fix potential invalid pointer dereference

Keith Busch kbusch at kernel.org
Fri Jan 27 07:58:31 PST 2023


On Fri, Jan 27, 2023 at 04:42:37PM +0100, Maurizio Lombardi wrote:
> If nvme_alloc_admin_tag_set() fails, the admin_q and fabrics_q pointers
> are left with an invalid, non-NULL value;
> Other functions may then check the pointers' value and dereference them,
> like it happens in
> nvme_probe() -> out_disable: -> nvme_dev_remove_admin().
> 
> Fix the bug by setting admin_q and fabrics_q to NULL in case of error.
> Also fix a NULL pointer dereference (the ctrl->admin_tagset pointer
> is only initialized just before returning success;
> therefore, in the error code path, blk_mq_free_tag_set() must be
> called against the "set" variable).

Looks good.

Reviewed-by: Keith Busch <kbusch at kernel.org>
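
The error-path pattern described in the quoted commit message, as an added example: a userspace model, not code from the patch or from the nvme driver. Every name in it (`struct ctrl`, `alloc_admin_queues`, `stale_refs`, `BAD_PTR`) is hypothetical, and the error-encoded pointer is an assumed stand-in for the "invalid, non-NULL value" the message mentions.

```c
#include <stddef.h>
#include <stdint.h>

/* Userspace model. All names here are hypothetical, not the nvme driver's. */
struct queue { int live; };
struct ctrl { struct queue *admin_q, *fabrics_q; };

/* Constructed stand-in for an allocator that signals failure with an
 * error-encoded, non-NULL pointer rather than NULL. */
#define BAD_PTR ((struct queue *)(uintptr_t)(-12))
static struct queue pool[2];

static struct queue *queue_create(int slot, int fail)
{
    if (fail) return BAD_PTR;
    pool[slot].live = 1;
    return &pool[slot];
}

/* fix != 0: the error path also resets both pointers to NULL. */
static int alloc_admin_queues(struct ctrl *c, int fail_fabrics, int fix)
{
    c->admin_q = queue_create(0, 0);
    c->fabrics_q = queue_create(1, fail_fabrics);
    if (c->fabrics_q != BAD_PTR)
        return 0;
    c->admin_q->live = 0;            /* unwind: admin queue is destroyed */
    if (fix) c->admin_q = c->fabrics_q = NULL;
    return -1;
}

/* Counts pointers that a "non-NULL means usable" teardown would dereference
 * even though they are error-encoded or refer to a destroyed queue. */
static int stale_refs(const struct ctrl *c)
{
    const struct queue *p[2] = { c->admin_q, c->fabrics_q };
    int n = 0;
    for (int i = 0; i < 2; i++)
        if (p[i] != NULL && (p[i] == BAD_PTR || !p[i]->live))
            n++;
    return n;
}

int main(void)
{
    struct ctrl c = { NULL, NULL };
    alloc_admin_queues(&c, 1, 0);
    return stale_refs(&c) == 2 ? 0 : 1;
}
```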


