From mboxrd@z Thu Jan  1 00:00:00 1970
From: hch@lst.de (Christoph Hellwig)
Date: Wed, 27 May 2015 09:56:52 +0200
Subject: nvme: submit internal commands through the block layer
In-Reply-To: <20150526090815.GA32137@mwanda>
References: <20150526090815.GA32137@mwanda>
Message-ID: <20150527075652.GA24737@lst.de>

On Tue, May 26, 2015@12:08:15PM +0300, Dan Carpenter wrote:
> drivers/block/nvme-core.c
>    853		 */
>    854		if (ns && ns->ms && !blk_integrity_rq(req)) {
>                     ^^
> Patch adds a new check.

Correctly so ..

>    912		nvme_set_info(cmd, iod, req_completion);
>    913		spin_lock_irq(&nvmeq->q_lock);
>    914		if (req->cmd_type == REQ_TYPE_DRV_PRIV)
>    915			nvme_submit_priv(nvmeq, req, iod);
>    916		else if (req->cmd_flags & REQ_DISCARD)
>    917			nvme_submit_discard(nvmeq, ns, req, iod);
>                                                    ^^
> Dereferenced inside function.
> 
>    918		else if (req->cmd_flags & REQ_FLUSH)
>    919			nvme_submit_flush(nvmeq, ns, req->tag);

We'll only get REQ_TYPE_DRV_PRIV requests through the passthrough
interface, so this is unrechable.