[PATCH] nvme: fix potential invalid pointer dereference
Chaitanya Kulkarni
chaitanyak at nvidia.com
Tue Jan 31 13:11:41 PST 2023
On 1/27/23 07:42, Maurizio Lombardi wrote:
> If nvme_alloc_admin_tag_set() fails, the admin_q and fabrics_q pointers
> are left with an invalid, non-NULL value.
> Other functions may then check the pointers' value and dereference them,
> like it happens in
> nvme_probe() -> out_disable: -> nvme_dev_remove_admin().
>
> Fix the bug by setting admin_q and fabrics_q to NULL in case of error.
> Also fix a NULL pointer dereference (the ctrl->admin_tagset pointer
> is only initialized just before returning success;
> therefore, in the error code path, blk_mq_free_tag_set() must be
> called against the "set" variable).
>
> Signed-off-by: Maurizio Lombardi <mlombard at redhat.com>
> ---

Looks good.

Reviewed-by: Chaitanya Kulkarni <kch at nvidia.com>

-ck
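
The failure mode described in the quoted commit message, as an added user-space C model (not the patch itself and not kernel code): a cleanup guard that tests only for non-NULL passes on a stale error-encoded pointer, and resetting the field to NULL on the error path closes that. It assumes the failing allocation returns an error-encoded pointer in the style of the kernel's ERR_PTR(); queue_alloc, setup_unpatched, setup_patched and cleanup_would_deref are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-ins for the kernel's ERR_PTR()/IS_ERR()/PTR_ERR(). */
#define MAX_ERRNO 4095
static void *err_ptr(long e) { return (void *)(intptr_t)e; }
static int is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static long ptr_err(const void *p) { return (long)(intptr_t)p; }

struct queue { int id; };               /* hypothetical request-queue stand-in */
struct ctrl { struct queue *admin_q; }; /* only the field the message names */

/* Constructed allocator: returns an error-encoded pointer on failure. */
static struct queue *queue_alloc(int fail)
{
    struct queue *q = fail ? NULL : calloc(1, sizeof(*q));
    return q ? q : err_ptr(-ENOMEM);
}

/* Unpatched shape: the error-encoded value is left in ctrl->admin_q. */
static int setup_unpatched(struct ctrl *c, int fail)
{
    c->admin_q = queue_alloc(fail);
    return is_err(c->admin_q) ? (int)ptr_err(c->admin_q) : 0;
}

/* Patched shape: the field is reset to NULL before the error is returned. */
static int setup_patched(struct ctrl *c, int fail)
{
    int ret = setup_unpatched(c, fail);
    if (ret)
        c->admin_q = NULL;
    return ret;
}

/* Cleanup guard that tests only for non-NULL; returns 1 if cleanup would
 * go on to dereference admin_q (the dereference itself is not performed). */
static int cleanup_would_deref(const struct ctrl *c) { return c->admin_q != NULL; }

int main(void)
{
    struct ctrl a = {0}, b = {0};
    int ra = setup_unpatched(&a, 1), rb = setup_patched(&b, 1);
    printf("unpatched: ret=%d deref=%d\n", ra, cleanup_would_deref(&a));
    printf("patched:   ret=%d deref=%d\n", rb, cleanup_would_deref(&b));
    return 0;
}
```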