[PATCH] nvme-pci: Fix mempool alloc size

Chaitanya Kulkarni chaitanyak at nvidia.com
Mon Dec 19 22:08:59 PST 2022


On 12/19/22 10:59, Keith Busch wrote:
> From: Keith Busch <kbusch at kernel.org>
> 
> Convert the max size to bytes to match the units of the divisor that
> calculates the worst-case number of PRP entries.
> 
> The result is used to determine how many PRP Lists are required. The
> code was previously rounding this to 1 list, but we can require 2 in the
> worst case. In that scenario, the driver would corrupt memory beyond the
> size provided by the mempool.
> 
> While unlikely to occur (you'd need a 4MB in exactly 127 phys segments
> on a queue that doesn't support SGLs), this memory corruption has been
> observed by kfence.
> 
> Cc: Jens Axboe <axboe at kernel.dk>
> Fixes: 943e942e6266f ("nvme-pci: limit max IO size and segments to avoid high order allocations")
> Signed-off-by: Keith Busch <kbusch at kernel.org>
> ---

hmm, surprising to see that we never caught this until today...

Reviewed-by: Chaitanya Kulkarni <kch at nvidia.com>

-ck
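
The unit mismatch described in the quoted commit message, worked through as an added example; it is not the driver's code or the patch itself. The 4MB maximum comes from the message; the 4KB controller page, the 8-byte PRP entry and the shape of the sizing estimate are assumptions made for illustration.

```c
#include <stdio.h>

#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))

/* Assumed constants for illustration (not taken from the patch). */
#define MAX_KB    4096u  /* 4MB maximum I/O, expressed in KB */
#define CTRL_PAGE 4096u  /* controller page size, in bytes */
#define PRP_ENTRY 8u     /* one PRP entry is a 64-bit address */

/* Sizing estimate: worst-case PRP entries for max_bytes (one extra page for
 * an unaligned start), then PRP list pages with one slot per page reserved
 * for the chain pointer. The argument must be in bytes. */
static unsigned est_prp_lists(unsigned max_bytes)
{
    unsigned nprps = DIV_ROUND_UP(max_bytes + CTRL_PAGE, CTRL_PAGE);
    return DIV_ROUND_UP(PRP_ENTRY * nprps, CTRL_PAGE - PRP_ENTRY);
}

/* Exact PRP list pages for a page-aligned transfer: PRP1 covers the first
 * page, and every list page except the last gives up its final slot to a
 * pointer to the next list. */
static unsigned exact_prp_lists(unsigned bytes)
{
    unsigned per_page = CTRL_PAGE / PRP_ENTRY;        /* 512 slots */
    unsigned pages = DIV_ROUND_UP(bytes, CTRL_PAGE);
    if (pages <= 2)
        return 0;            /* PRP1 and PRP2 hold the addresses directly */
    return DIV_ROUND_UP(pages - 2, per_page - 1);     /* entries after PRP1, minus one */
}

/* Bytes written past a pointer array that reserved too few list slots. */
static unsigned long overrun_bytes(unsigned reserved, unsigned needed)
{
    return needed > reserved ? (needed - reserved) * sizeof(void *) : 0;
}

int main(void)
{
    unsigned buggy = est_prp_lists(MAX_KB);          /* KB passed as bytes */
    unsigned fixed = est_prp_lists(MAX_KB * 1024u);  /* converted to bytes */
    unsigned need  = exact_prp_lists(MAX_KB * 1024u);

    printf("slots reserved (KB as bytes): %u\n", buggy);
    printf("slots reserved (bytes):       %u\n", fixed);
    printf("lists needed for aligned 4MB: %u\n", need);
    printf("overrun with buggy sizing:    %lu bytes\n", overrun_bytes(buggy, need));
    return 0;
}
```
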


