author | Hannes Reinecke | 2018-07-25 08:35:17 +0200 |
---|---|---|
committer | Christoph Hellwig | 2018-07-25 13:14:03 +0200 |
commit | 5613d31214eb4c5c04cdfce4966bb661c8b43191 (patch) | |
tree | 30c1c8e56e16dfc432d947e6615626275b22d7cc /drivers/nvme/target | |
parent | nvme: if_ready checks to fail io to deleting controller (diff) | |
nvmet: fixup crash on NULL device path
When writing an empty string into the device_path attribute the kernel
will crash with
nvmet: failed to open block device (null): (-22)
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
This patch sanitizes the error handling for invalid device path settings.
Fixes: a07b4970 ("nvmet: add a generic NVMe target")
Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'drivers/nvme/target')
-rw-r--r-- | drivers/nvme/target/configfs.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
index d3f3b3ec4d1a..ebea1373d1b7 100644
--- a/drivers/nvme/target/configfs.c
+++ b/drivers/nvme/target/configfs.c
@@ -282,6 +282,7 @@ static ssize_t nvmet_ns_device_path_store(struct config_item *item,
 {
 struct nvmet_ns *ns = to_nvmet_ns(item);
 struct nvmet_subsys *subsys = ns->subsys;
+ size_t len;
 int ret;
 mutex_lock(&subsys->lock);
@@ -289,10 +290,14 @@ static ssize_t nvmet_ns_device_path_store(struct config_item *item,
 if (ns->enabled)
 goto out_unlock;
- kfree(ns->device_path);
+ ret = -EINVAL;
+ len = strcspn(page, "\n");
+ if (!len)
+ goto out_unlock;
+ kfree(ns->device_path);
 ret = -ENOMEM;
- ns->device_path = kstrndup(page, strcspn(page, "\n"), GFP_KERNEL);
+ ns->device_path = kstrndup(page, len, GFP_KERNEL);
 if (!ns->device_path)
 goto out_unlock;
 |
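Review bot: In the second hunk the old path is still freed before the replacement is allocated, so a failing `kstrndup()` leaves `ns->device_path` NULL and the previously configured path is lost. The new `-EINVAL` check stops an empty write, but this `-ENOMEM` path can still leave the namespace with a NULL path. Whether the enable path tolerates a NULL `device_path` is not visible in this hunk, so this may be the same "(null)" state the commit message describes. Allocating into a temporary and swapping only on success keeps the old value intact on failure. The function starts before and continues after the hunk, so the unlock label and return are not shown.

```c
	char *path;
	/* … unchanged: mutex_lock, ns->enabled check, empty-string check … */
	ret = -ENOMEM;
	path = kstrndup(page, len, GFP_KERNEL);
	if (!path)
		goto out_unlock;
	/* Replace the stored path only once the new copy exists. */
	kfree(ns->device_path);
	ns->device_path = path;
```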