summaryrefslogtreecommitdiffstats
path: root/drivers/nvme
diff options
context:
space:
mode:
authorHannes Reinecke <hare@suse.de>2018-07-25 08:35:17 +0200
committerChristoph Hellwig <hch@lst.de>2018-07-25 13:14:03 +0200
commit5613d31214eb4c5c04cdfce4966bb661c8b43191 (patch)
tree30c1c8e56e16dfc432d947e6615626275b22d7cc /drivers/nvme
parent6cdefc6e2ad52170f89a8d0e8b1a1339f91834dc (diff)
downloadlinux-stable-5613d31214eb4c5c04cdfce4966bb661c8b43191.tar.gz
linux-stable-5613d31214eb4c5c04cdfce4966bb661c8b43191.tar.bz2
linux-stable-5613d31214eb4c5c04cdfce4966bb661c8b43191.zip
nvmet: fixup crash on NULL device path
When writing an empty string into the device_path attribute the kernel will crash with nvmet: failed to open block device (null): (-22) BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 This patch sanitizes the error handling for invalid device path settings. Fixes: a07b4970 ("nvmet: add a generic NVMe target") Signed-off-by: Hannes Reinecke <hare@suse.com> Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'drivers/nvme')
-rw-r--r--drivers/nvme/target/configfs.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
index d3f3b3ec4d1a..ebea1373d1b7 100644
--- a/drivers/nvme/target/configfs.c
+++ b/drivers/nvme/target/configfs.c
@@ -282,6 +282,7 @@ static ssize_t nvmet_ns_device_path_store(struct config_item *item,
{
struct nvmet_ns *ns = to_nvmet_ns(item);
struct nvmet_subsys *subsys = ns->subsys;
+ size_t len;
int ret;
mutex_lock(&subsys->lock);
@@ -289,10 +290,14 @@ static ssize_t nvmet_ns_device_path_store(struct config_item *item,
if (ns->enabled)
goto out_unlock;
- kfree(ns->device_path);
+ ret = -EINVAL;
+ len = strcspn(page, "\n");
+ if (!len)
+ goto out_unlock;
+ kfree(ns->device_path);
ret = -ENOMEM;
- ns->device_path = kstrndup(page, strcspn(page, "\n"), GFP_KERNEL);
+ ns->device_path = kstrndup(page, len, GFP_KERNEL);
if (!ns->device_path)
goto out_unlock;