[Linux-stable-mirror] Patch "nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()" has been added to the 4.14-stable tree
This is a note to let you know that I've just added the patch titled
nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: nvme-pci-fix-null-pointer-dereference-in-nvme_free_host_mem.patch and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From foo@baz Thu Feb 1 13:45:42 CET 2018
From: Minwoo Im minwoo.im.dev@gmail.com Date: Sat, 25 Nov 2017 03:03:00 +0900 Subject: nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
From: Minwoo Im minwoo.im.dev@gmail.com
[ Upstream commit 7e5dd57ef3081ff6c03908d786ed5087f6fbb7ae ]
Following condition which will cause NULL pointer dereference will occur in nvme_free_host_mem() when it tries to remove pci device via nvme_remove() especially after a failure of host memory allocation for HMB.
"(host_mem_descs == NULL) && (nr_host_mem_descs != 0)"
It's because __nr_host_mem_descs__ is not cleared to 0 unlike __host_mem_descs__ is so.
Signed-off-by: Minwoo Im minwoo.im.dev@gmail.com Signed-off-by: Christoph Hellwig hch@lst.de Signed-off-by: Sasha Levin alexander.levin@verizon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/nvme/host/pci.c | 1 + 1 file changed, 1 insertion(+)
--- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -1617,6 +1617,7 @@ static void nvme_free_host_mem(struct nv dev->nr_host_mem_descs * sizeof(*dev->host_mem_descs), dev->host_mem_descs, dev->host_mem_descs_dma); dev->host_mem_descs = NULL; + dev->nr_host_mem_descs = 0; }
static int __nvme_alloc_host_mem(struct nvme_dev *dev, u64 preferred,
Patches currently in stable-queue which might be from minwoo.im.dev@gmail.com are
queue-4.14/nvme-pci-avoid-hmb-desc-array-idx-out-of-bound-when-hmmaxd-set.patch queue-4.14/nvme-pci-fix-null-pointer-dereference-in-nvme_free_host_mem.patch
linux-stable-mirror@lists.linaro.org
-
gregkh@linuxfoundation.org