* Patch "nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()" has been added to the 4.14-stable tree
@ 2018-02-01 13:13 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2018-02-01 13:13 UTC (permalink / raw)
To: minwoo.im.dev, alexander.levin, gregkh, hch; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
nvme-pci-fix-null-pointer-dereference-in-nvme_free_host_mem.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From foo@baz Thu Feb 1 13:45:42 CET 2018
From: Minwoo Im <minwoo.im.dev@gmail.com>
Date: Sat, 25 Nov 2017 03:03:00 +0900
Subject: nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
From: Minwoo Im <minwoo.im.dev@gmail.com>
[ Upstream commit 7e5dd57ef3081ff6c03908d786ed5087f6fbb7ae ]
Following condition which will cause NULL pointer dereference will
occur in nvme_free_host_mem() when it tries to remove pci device via
nvme_remove() especially after a failure of host memory allocation for HMB.
"(host_mem_descs == NULL) && (nr_host_mem_descs != 0)"
It's because __nr_host_mem_descs__ is not cleared to 0 unlike
__host_mem_descs__ is so.
Signed-off-by: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1617,6 +1617,7 @@ static void nvme_free_host_mem(struct nv
dev->nr_host_mem_descs * sizeof(*dev->host_mem_descs),
dev->host_mem_descs, dev->host_mem_descs_dma);
dev->host_mem_descs = NULL;
+ dev->nr_host_mem_descs = 0;
}
static int __nvme_alloc_host_mem(struct nvme_dev *dev, u64 preferred,
Patches currently in stable-queue which might be from minwoo.im.dev@gmail.com are
queue-4.14/nvme-pci-avoid-hmb-desc-array-idx-out-of-bound-when-hmmaxd-set.patch
queue-4.14/nvme-pci-fix-null-pointer-dereference-in-nvme_free_host_mem.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-02-01 13:15 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-01 13:13 Patch "nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()" has been added to the 4.14-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).