From: Daniel Wagner <[email protected]>
[ Upstream commit 85428beac80dbcace5b146b218697c73e367dcf5 ]
Reset the ns->file value to NULL also in the error case in
nvmet_file_ns_enable().
The ns->file variable points either to file object or contains the
error code after the filp_open() call. This can lead to following
problem:
When the user first setups an invalid file backend and tries to enable
the ns, it will fail. Then the user switches over to a bdev backend
and enables successfully the ns. The first received I/O will crash the
system because the IO backend is chosen based on the ns->file value:
static u16 nvmet_parse_io_cmd(struct nvmet_req *req)
{
[...]
if (req->ns->file)
return nvmet_file_parse_io_cmd(req);
return nvmet_bdev_parse_io_cmd(req);
}
Reported-by: Enzo Matsumiya <[email protected]>
Signed-off-by: Daniel Wagner <[email protected]>
Signed-off-by: Christoph Hellwig <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/nvme/target/io-cmd-file.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/nvme/target/io-cmd-file.c b/drivers/nvme/target/io-cmd-file.c
index 05453f5d1448..6ca17a0babae 100644
--- a/drivers/nvme/target/io-cmd-file.c
+++ b/drivers/nvme/target/io-cmd-file.c
@@ -38,9 +38,11 @@ int nvmet_file_ns_enable(struct nvmet_ns *ns)
ns->file = filp_open(ns->device_path, flags, 0);
if (IS_ERR(ns->file)) {
- pr_err("failed to open file %s: (%ld)\n",
- ns->device_path, PTR_ERR(ns->file));
- return PTR_ERR(ns->file);
+ ret = PTR_ERR(ns->file);
+ pr_err("failed to open file %s: (%d)\n",
+ ns->device_path, ret);
+ ns->file = NULL;
+ return ret;
}
ret = vfs_getattr(&ns->file->f_path,
--
2.30.2
Sasha,
On 5/17/21 18:20, Sasha Levin wrote:
> From: Daniel Wagner <[email protected]>
>
> [ Upstream commit 85428beac80dbcace5b146b218697c73e367dcf5 ]
>
> Reset the ns->file value to NULL also in the error case in
> nvmet_file_ns_enable().
>
> The ns->file variable points either to file object or contains the
> error code after the filp_open() call. This can lead to following
> problem:
>
> When the user first setups an invalid file backend and tries to enable
> the ns, it will fail. Then the user switches over to a bdev backend
> and enables successfully the ns. The first received I/O will crash the
> system because the IO backend is chosen based on the ns->file value:
I think the patch subject line is being worked on since it needs to be
reset and not seset.
Not sure how we can go about fixing that.
Hi Chaitanya,
On Tue, May 18, 2021 at 04:27:32AM +0000, Chaitanya Kulkarni wrote:
> I think the patch subject line is being worked on since it needs to be
> reset and not seset.
>
> Not sure how we can go about fixing that.
This ship has sailed, as the commit already hit mainline. Fixing the
typo in the back ports is surely possible but I assume it's better not
do change the subject line. seset forever!
Thanks,
Daniel