Commit 973c3a58 authored Aug 20, 2024 by Leon Romanovsky Committed by Li Lingfeng Aug 20, 2024

nvme-pci: add missing condition check for existence of mapped data

mainline inclusion
from mainline-v6.11-rc1
commit c31fad1470389666ac7169fe43aa65bf5b7e2cfd
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKPOL
CVE: CVE-2024-42276

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c31fad1470389666ac7169fe43aa65bf5b7e2cfd



--------------------------------

nvme_map_data() is called when request has physical segments, hence
the nvme_unmap_data() should have same condition to avoid dereference.

Fixes: 4aedb705 ("nvme-pci: split metadata handling from nvme_map_data / nvme_unmap_data")
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Nitesh Shetty <nj.shetty@samsung.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>

Conflicts:
  drivers/nvme/host/pci.c
[Commit 62451a2b ("nvme: separate command prep and issue") separate
nvme_map_data/nvme_unmap_data from nvme_queue_rq to nvme_prep_rq.]
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>

parent c791a369

drivers/nvme/host/pci.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -947,6 +947,7 @@ static blk_status_t nvme_queue_rq(struct blk_mq_hw_ctx *hctx,
		nvme_submit_cmd(nvmeq, cmnd, bd->last);
		return BLK_STS_OK;
		out_unmap_data:
		if (blk_rq_nr_phys_segments(req))
		nvme_unmap_data(dev, req);
		out_free_cmd:
		nvme_cleanup_cmd(req);