linux

mirror of https://github.com/torvalds/linux.git synced 2024-12-20 01:52:13 +00:00

History

Hongbo Yao dcca166272 nvme-pci: fix out of bounds access in nvme_cqe_pending There is an out of bounds array access in nvme_cqe_peding(). When enable irq_thread for nvme interrupt, there is racing between the nvmeq->cq_head updating and reading. nvmeq->cq_head is updated in nvme_update_cq_head(), if nvmeq->cq_head equals nvmeq->q_depth and before its value set to zero, nvme_cqe_pending() uses its value as an array index, the index will be out of bounds. Signed-off-by: Hongbo Yao <yaohongbo@huawei.com> [hch: slight coding style update] Signed-off-by: Christoph Hellwig <hch@lst.de>		2019-01-09 13:47:05 -05:00
..
core.c	nvme-core: optionally poll sync commands	2018-12-18 17:50:48 +01:00
fabrics.c	nvme-fabrics: allow user to pass in nr_poll_queues	2018-12-18 17:50:49 +01:00
fabrics.h	nvme-fabrics: allow user to pass in nr_poll_queues	2018-12-18 17:50:49 +01:00
fault_inject.c	nvme: Add fault injection feature	2018-03-26 08:53:43 -06:00
fc.c	nvme-fabrics: allow nvmf_connect_io_queue to poll	2018-12-18 17:50:48 +01:00
Kconfig	nvme-tcp: add NVMe over TCP host driver	2018-12-13 09:58:58 +01:00
lightnvm.c	nvme: remove nvme_common command cdw10 array	2018-12-13 09:59:01 +01:00
Makefile	nvme-tcp: add NVMe over TCP host driver	2018-12-13 09:58:58 +01:00
multipath.c	nvme: add a numa_node field to struct nvme_ctrl	2018-12-07 22:26:55 -07:00
nvme.h	nvme-core: optionally poll sync commands	2018-12-18 17:50:48 +01:00
pci.c	nvme-pci: fix out of bounds access in nvme_cqe_pending	2019-01-09 13:47:05 -05:00
rdma.c	nvme-rdma: implement polling queue map	2018-12-18 17:50:49 +01:00
tcp.c	nvme-fabrics: allow nvmf_connect_io_queue to poll	2018-12-18 17:50:48 +01:00
trace.c	nvme-pci: trace SQ status on completions	2018-12-19 08:35:36 +01:00
trace.h	nvme-pci: trace SQ status on completions	2018-12-19 08:35:36 +01:00