[PATCH] nvme-pci: Fix mempool alloc size
Jens Axboe
axboe at kernel.dk
Mon Dec 19 11:07:42 PST 2022
On 12/19/22 11:59 AM, Keith Busch wrote:
> From: Keith Busch <kbusch at kernel.org>
>
> Convert the max size to bytes to match the units of the divisor that
> calculates the worst-case number of PRP entries.
>
> The result is used to determine how many PRP Lists are required. The
> code was previously rounding this to 1 list, but we can require 2 in the
> worst case. In that scenario, the driver would corrupt memory beyond the
> size provided by the mempool.
>
> While unlikely to occur (you'd need a 4MB in exactly 127 phys segments
> on a queue that doesn't support SGLs), this memory corruption has been
> observed by kfence.

Good catch!

Reviewed-by: Jens Axboe <axboe at kernel.dk>

--
Jens Axboe