diff options
| author | Daniel Wagner <dwagner@suse.de> | 2021-05-12 16:50:05 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-05-26 12:05:15 +0200 |
| commit | 439ce949ee903eeda50bf03ec8515f603b6cba7e (patch) | |
| tree | a23bbb9d07a70ab45004387a12cc74b49f1094d9 /kernel/locking/mutex.h | |
| parent | 670d34d54320e85d8b2a02073742bffd7a336f3f (diff) | |
nvmet: seset ns->file when open fails
[ Upstream commit 85428beac80dbcace5b146b218697c73e367dcf5 ]
Reset the ns->file value to NULL also in the error case in
nvmet_file_ns_enable().
The ns->file variable points either to file object or contains the
error code after the filp_open() call. This can lead to following
problem:
When the user first setups an invalid file backend and tries to enable
the ns, it will fail. Then the user switches over to a bdev backend
and enables successfully the ns. The first received I/O will crash the
system because the IO backend is chosen based on the ns->file value:
static u16 nvmet_parse_io_cmd(struct nvmet_req *req)
{
[...]
if (req->ns->file)
return nvmet_file_parse_io_cmd(req);
return nvmet_bdev_parse_io_cmd(req);
}
Reported-by: Enzo Matsumiya <ematsumiya@suse.com>
Signed-off-by: Daniel Wagner <dwagner@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'kernel/locking/mutex.h')
0 files changed, 0 insertions, 0 deletions