Skip to content

Commit 7e5dd57

Browse files
minwooimChristoph Hellwig
minwooim
authored and
Christoph Hellwig
committed
nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
Following condition which will cause NULL pointer dereference will occur in nvme_free_host_mem() when it tries to remove pci device via nvme_remove() especially after a failure of host memory allocation for HMB. "(host_mem_descs == NULL) && (nr_host_mem_descs != 0)" It's because __nr_host_mem_descs__ is not cleared to 0 unlike __host_mem_descs__ is so. Signed-off-by: Minwoo Im <minwoo.im.dev@gmail.com> Signed-off-by: Christoph Hellwig <hch@lst.de>
1 parent eb1bd24 commit 7e5dd57

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

drivers/nvme/host/pci.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1759,6 +1759,7 @@ static void nvme_free_host_mem(struct nvme_dev *dev)
17591759
dev->nr_host_mem_descs * sizeof(*dev->host_mem_descs),
17601760
dev->host_mem_descs, dev->host_mem_descs_dma);
17611761
dev->host_mem_descs = NULL;
1762+
dev->nr_host_mem_descs = 0;
17621763
}
17631764

17641765
static int __nvme_alloc_host_mem(struct nvme_dev *dev, u64 preferred,

0 commit comments

Comments
 (0)