mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-22 09:48:07 +07:00
dcca166272
There is an out of bounds array access in nvme_cqe_peding(). When enable irq_thread for nvme interrupt, there is racing between the nvmeq->cq_head updating and reading. nvmeq->cq_head is updated in nvme_update_cq_head(), if nvmeq->cq_head equals nvmeq->q_depth and before its value set to zero, nvme_cqe_pending() uses its value as an array index, the index will be out of bounds. Signed-off-by: Hongbo Yao <yaohongbo@huawei.com> [hch: slight coding style update] Signed-off-by: Christoph Hellwig <hch@lst.de> |
||
---|---|---|
.. | ||
core.c | ||
fabrics.c | ||
fabrics.h | ||
fault_inject.c | ||
fc.c | ||
Kconfig | ||
lightnvm.c | ||
Makefile | ||
multipath.c | ||
nvme.h | ||
pci.c | ||
rdma.c | ||
tcp.c | ||
trace.c | ||
trace.h |