From mboxrd@z Thu Jan 1 00:00:00 1970 From: garsilva@embeddedor.com (Gustavo A. R. Silva) Date: Mon, 13 Nov 2017 13:36:50 -0600 Subject: [PATCH] nvme: host: core: fix NULL pointer dereference in nvme_pr_command Message-ID: <20171113193650.GA2832@embeddedor.com> _head_ pointer is being dereferenced when it is NULL. Fix this by moving the code that dereferences such pointer after it has been properly initialized in function nvme_get_ns_from_disk. Addresses-Coverity-ID: 1461344 Fixes: 32acab3181c7 ("nvme: implement multipath access to nvme subsystems") Signed-off-by: Gustavo A. R. Silva
---
 drivers/nvme/host/core.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 25da74d..9b9c324 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1452,16 +1452,16 @@ static int nvme_pr_command(struct block_device *bdev, u32 cdw10,
 put_unaligned_le64(key, &data[0]);
 put_unaligned_le64(sa_key, &data[8]);
- memset(&c, 0, sizeof(c));
- c.common.opcode = op;
- c.common.nsid = cpu_to_le32(head->ns_id);
- c.common.cdw10[0] = cpu_to_le32(cdw10);
-
 ns = nvme_get_ns_from_disk(bdev->bd_disk, &head, &srcu_idx);
- if (unlikely(!ns))
+ if (unlikely(!ns)) {
 ret = -EWOULDBLOCK;
- else
+ } else {
+ memset(&c, 0, sizeof(c));
+ c.common.opcode = op;
+ c.common.nsid = cpu_to_le32(head->ns_id);
+ c.common.cdw10[0] = cpu_to_le32(cdw10);
 ret = nvme_submit_sync_cmd(ns->queue, &c, data, 16);
+ }
 nvme_put_ns_from_disk(head, srcu_idx);
 return ret;
 }
-- 
2.7.4
From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754702AbdKMTg4 (ORCPT ); Mon, 13 Nov 2017 14:36:56 -0500 Received: from gateway32.websitewelcome.com ([192.185.145.107]:25200 "EHLO gateway32.websitewelcome.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754538AbdKMTgz (ORCPT ); Mon, 13 Nov 2017 14:36:55 -0500 Date: Mon, 13 Nov 2017 13:36:50 -0600 
From: "Gustavo A. R. Silva" To: Keith Busch , Jens Axboe , Christoph Hellwig , Sagi Grimberg Cc: linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" Subject: [PATCH] nvme: host: core: fix NULL pointer dereference in nvme_pr_command Message-ID: <20171113193650.GA2832@embeddedor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator4166.hostgator.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - embeddedor.com X-BWhitelist: no X-Source-IP: 189.175.248.21 X-Source-L: No X-Exim-ID: 1eEKXN-001wVM-Da X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: (embeddedor) [189.175.248.21]:38628 X-Source-Auth: garsilva@embeddedor.com X-Email-Count: 6 X-Source-Cap: Z3V6aWRpbmU7Z3V6aWRpbmU7Z2F0b3I0MTY2Lmhvc3RnYXRvci5jb20= X-Local-Domain: yes Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org _head_ pointer is being dereferenced when it is NULL. Fix this by moving the code that dereferences such pointer after it has been properly initialized in function nvme_get_ns_from_disk. Addresses-Coverity-ID: 1461344 Fixes: 32acab3181c7 ("nvme: implement multipath access to nvme subsystems") Signed-off-by: Gustavo A. R. Silva
---
 drivers/nvme/host/core.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 25da74d..9b9c324 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1452,16 +1452,16 @@ static int nvme_pr_command(struct block_device *bdev, u32 cdw10,
 put_unaligned_le64(key, &data[0]);
 put_unaligned_le64(sa_key, &data[8]);
- memset(&c, 0, sizeof(c));
- c.common.opcode = op;
- c.common.nsid = cpu_to_le32(head->ns_id);
- c.common.cdw10[0] = cpu_to_le32(cdw10);
-
 ns = nvme_get_ns_from_disk(bdev->bd_disk, &head, &srcu_idx);
- if (unlikely(!ns))
+ if (unlikely(!ns)) {
 ret = -EWOULDBLOCK;
- else
+ } else {
+ memset(&c, 0, sizeof(c));
+ c.common.opcode = op;
+ c.common.nsid = cpu_to_le32(head->ns_id);
+ c.common.cdw10[0] = cpu_to_le32(cdw10);
 ret = nvme_submit_sync_cmd(ns->queue, &c, data, 16);
+ }
 nvme_put_ns_from_disk(head, srcu_idx);
 return ret;
 }
-- 
2.7.4
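Review bot: The new `else` branch is guarded on `ns`, but the line moved into it still dereferences `head` (`c.common.nsid = cpu_to_le32(head->ns_id);`), and these are two separate results of nvme_get_ns_from_disk(). That helper's body is not in this hunk; if it can return a valid namespace while leaving `head` NULL (for example, for a disk that is not behind a multipath head), the same NULL dereference remains reachable in nvme_pr_command(). Assuming struct nvme_ns keeps a pointer to its own head, `c.common.nsid = cpu_to_le32(ns->head->ns_id);` would tie the dereference to the pointer that was actually checked. nvme_pr_command() starts above this hunk, so the declarations of `head` and `ns` are not visible here.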