Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5613d312 authored by Hannes Reinecke's avatar Hannes Reinecke Committed by Christoph Hellwig
Browse files

nvmet: fixup crash on NULL device path 



When writing an empty string into the device_path attribute the kernel
will crash with

nvmet: failed to open block device (null): (-22)
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000

This patch sanitizes the error handling for invalid device path settings.

Fixes: a07b4970 ("nvmet: add a generic NVMe target")
Signed-off-by: default avatarHannes Reinecke <hare@suse.com>
Reviewed-by: default avatarChaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
parent 6cdefc6e

drivers/nvme/target/configfs.c

+7 −2
Original line number Diff line number Diff line
@@ -282,6 +282,7 @@ static ssize_t nvmet_ns_device_path_store(struct config_item *item, 
{

	struct nvmet_ns *ns = to_nvmet_ns(item);

	struct nvmet_subsys *subsys = ns->subsys;

	size_t len;

	int ret;



	mutex_lock(&subsys->lock);
@@ -289,10 +290,14 @@ static ssize_t nvmet_ns_device_path_store(struct config_item *item, 
	if (ns->enabled)

		goto out_unlock;



	kfree(ns->device_path);

	ret = -EINVAL;

	len = strcspn(page, "\n");

	if (!len)

		goto out_unlock;



	kfree(ns->device_path);

	ret = -ENOMEM;

	ns->device_path = kstrndup(page, strcspn(page, "\n"), GFP_KERNEL);

	ns->device_path = kstrndup(page, len, GFP_KERNEL);

	if (!ns->device_path)

		goto out_unlock;