nvme-pci: fix out of bounds access in nvme_cqe_pending - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Hongbo Yao <yaohongbo@huawei.com>	2019-01-07 05:22:07 +0300
committer	Christoph Hellwig <hch@lst.de>	2019-01-09 21:47:05 +0300
commit	dcca1662727220d18fa351097ddff33f95f516c5 (patch)
tree	f2c10b033b953198237cc513edf5d73df9aff69b /drivers/nvme/host/tcp.c
parent	8fae268b40f5191227ae7050a99cb2cf1b914ddd (diff)
download	linux-dcca1662727220d18fa351097ddff33f95f516c5.tar.xz

nvme-pci: fix out of bounds access in nvme_cqe_pending

There is an out of bounds array access in nvme_cqe_peding(). When enable irq_thread for nvme interrupt, there is racing between the nvmeq->cq_head updating and reading. nvmeq->cq_head is updated in nvme_update_cq_head(), if nvmeq->cq_head equals nvmeq->q_depth and before its value set to zero, nvme_cqe_pending() uses its value as an array index, the index will be out of bounds. Signed-off-by: Hongbo Yao <yaohongbo@huawei.com> [hch: slight coding style update] Signed-off-by: Christoph Hellwig <hch@lst.de>

Diffstat (limited to 'drivers/nvme/host/tcp.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: