linux_dsm_epyc7002/drivers/nvme/host
Hongbo Yao dcca166272 nvme-pci: fix out of bounds access in nvme_cqe_pending
There is an out of bounds array access in nvme_cqe_peding().

When enable irq_thread for nvme interrupt, there is racing between the
nvmeq->cq_head updating and reading.

nvmeq->cq_head is updated in nvme_update_cq_head(), if nvmeq->cq_head
equals nvmeq->q_depth and before its value set to zero, nvme_cqe_pending()
uses its value as an array index, the index will be out of bounds.

Signed-off-by: Hongbo Yao <yaohongbo@huawei.com>
[hch: slight coding style update]
Signed-off-by: Christoph Hellwig <hch@lst.de>
2019-01-09 13:47:05 -05:00
..
core.c nvme-core: optionally poll sync commands 2018-12-18 17:50:48 +01:00
fabrics.c nvme-fabrics: allow user to pass in nr_poll_queues 2018-12-18 17:50:49 +01:00
fabrics.h nvme-fabrics: allow user to pass in nr_poll_queues 2018-12-18 17:50:49 +01:00
fault_inject.c nvme: Add fault injection feature 2018-03-26 08:53:43 -06:00
fc.c nvme-fabrics: allow nvmf_connect_io_queue to poll 2018-12-18 17:50:48 +01:00
Kconfig nvme-tcp: add NVMe over TCP host driver 2018-12-13 09:58:58 +01:00
lightnvm.c nvme: remove nvme_common command cdw10 array 2018-12-13 09:59:01 +01:00
Makefile nvme-tcp: add NVMe over TCP host driver 2018-12-13 09:58:58 +01:00
multipath.c nvme: add a numa_node field to struct nvme_ctrl 2018-12-07 22:26:55 -07:00
nvme.h nvme-core: optionally poll sync commands 2018-12-18 17:50:48 +01:00
pci.c nvme-pci: fix out of bounds access in nvme_cqe_pending 2019-01-09 13:47:05 -05:00
rdma.c nvme-rdma: implement polling queue map 2018-12-18 17:50:49 +01:00
tcp.c nvme-fabrics: allow nvmf_connect_io_queue to poll 2018-12-18 17:50:48 +01:00
trace.c nvme-pci: trace SQ status on completions 2018-12-19 08:35:36 +01:00
trace.h nvme-pci: trace SQ status on completions 2018-12-19 08:35:36 +01:00