[PATCH] nvme-pci: fix out-of-bounds access in nvme_setup_descriptor_pools

mateusz.nowicki at posteo.net
Sat May 23 01:17:38 PDT 2026


On 22.05.2026 17:27, Caleb Sander Mateos wrote:

> FYI there was a previous report and patch for this issue:
> https://lore.kernel.org/linux-nvme/20260309062840.2937858-2-iam@sung-woo.kim/T/#u
> . Looks like a v2 was promised but never arrived. Some attribution
> (Reported-by, Link?) for the original patch might be good.
> 
Thanks, missed that thread. Added in v2:
    Reported-by: Sung-woo Kim <iam at sung-woo.kim>
    Link: https://lore.kernel.org/r/20260309062840.2937858-2-iam@sung-woo.kim

Also added a Fixes: tag for d977506f8863.

> I did like that the other patch switched the type of struct
> blk_mq_hw_ctx's numa_node field and the argument to struct
> blk_mq_ops's init_request function pointer from unsigned int to int to
> clarify that it was optional. But probably makes sense to do that as a
> follow-on commit separate from the bug fix.
> 
I can take care of it, will send it as a separate follow-up.

> Is numa_node >= nr_node_ids possible? I think just numa_node < 0
> should be fine, and would avoid a compiler warning about comparing int
> to unsigned int.
> 

Right, dropped the nr_node_ids check. Went with == NUMA_NO_NODE
rather than < 0 to match the style in block/blk-mq.c.

v2 incoming.

Thanks,
Mateusz
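
Added example, not part of the original message or of the patch: a userspace C model of the type issue discussed in this thread, where NUMA_NO_NODE carried in an unsigned int becomes UINT_MAX and an unchecked per-node table index lands far out of bounds. The table `per_node`, its size `NR_NODES`, the fallback to node 0 and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define NUMA_NO_NODE  (-1) /* the kernel's "no node" sentinel */
#define NR_NODES      4    /* constructed table size for this model */
#define FALLBACK_NODE 0    /* assumption: which node to use for the sentinel */

struct pools { int ready; };
static struct pools per_node[NR_NODES]; /* hypothetical per-node table */

/* Index an unchecked lookup would use: the value is taken as-is. */
static size_t raw_index(unsigned int numa_node)
{
	return (size_t)numa_node;
}

/* Sentinel test on the unsigned value: compare against the converted
 * constant, made explicit here to avoid a sign-compare warning. */
static int is_no_node_unsigned(unsigned int numa_node)
{
	return numa_node == (unsigned int)NUMA_NO_NODE;
}

/* Once the value is carried as int, a plain "< 0" test works. */
static int is_no_node_signed(int numa_node)
{
	return numa_node < 0;
}

/* Checked lookup: map the sentinel to a valid node before indexing. */
static struct pools *lookup_checked(unsigned int numa_node)
{
	if (is_no_node_unsigned(numa_node))
		numa_node = FALLBACK_NODE;
	if (numa_node >= NR_NODES) /* model-only guard: never read out of bounds */
		return NULL;
	return &per_node[numa_node];
}

int main(void)
{
	unsigned int n = (unsigned int)NUMA_NO_NODE;

	printf("unchecked index: %zu (table has %d entries)\n", raw_index(n), NR_NODES);
	printf("sentinel detected: %d\n", is_no_node_unsigned(n));
	printf("checked lookup uses node %td\n", lookup_checked(n) - per_node);
	return 0;
}
```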


