NVMe: Fix 0-length integrity payload
authorKeith Busch <keith.busch@intel.com>
Wed, 24 Feb 2016 16:15:58 +0000 (09:15 -0700)
committerJens Axboe <axboe@fb.com>
Thu, 3 Mar 2016 21:42:50 +0000 (14:42 -0700)
commite9fc63d682dbbef17921aeb00d03fd52d6735ffd
tree33d5f3ece18a1724ad42b79a7c4970859efca5e8
parent63088ec7c8eadfe08b96127a41b385ec9742dace
NVMe: Fix 0-length integrity payload

A user could send a passthrough IO command with a metadata pointer to a
namespace without metadata. With metadata length of 0, kmalloc returns
ZERO_SIZE_PTR. Since that is not NULL, the driver would have set this as
the bio's integrity payload, which causes an access fault on completion.

This patch ignores the users metadata buffer if the namespace format
does not support separate metadata.

Reported-by: Stephen Bates <stephen.bates@microsemi.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
drivers/nvme/host/core.c