Re: [PATCH] nvme-pci: fix out-of-bounds access in nvme_setup_descriptor_pools
From: mateusz . nowicki
Date: Sat May 23 2026 - 04:17:51 EST
On 22.05.2026 17:27, Caleb Sander Mateos wrote:
> FYI there was a previous report and patch for this issue:
> https://lore.kernel.org/linux-nvme/20260309062840.2937858-2-iam@xxxxxxxxxxxx/T/#u
> . Looks like a v2 was promised but never arrived. Some attribution
> (Reported-by, Link?) for the original patch might be good.

Thanks, missed that thread. Added in v2:

Reported-by: Sung-woo Kim <iam@xxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20260309062840.2937858-2-iam@xxxxxxxxxxxx

Also added a Fixes: tag for d977506f8863

> I did like that the other patch switched the type of struct
> blk_mq_hw_ctx's numa_node field and the argument to struct
> blk_mq_ops's init_request function pointer from unsigned int to int to
> clarify that it was optional. But probably makes sense to do that as a
> follow-on commit separate from the bug fix.

I can take care of it, will send it as separate follow-up.

> Is numa_node >= nr_node_ids possible? I think just numa_node < 0
> should be fine, and would avoid a compiler warning about comparing int
> to unsigned int.

Right, dropped the nr_node_ids check. Went with == NUMA_NO_NODE
rather than < 0 to match the style in block/blk-mq.c

v2 incoming.

Thanks,
Mateusz
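
An added userspace illustration (not the kernel patch and not code from this thread) of the integer conversion behind the guard discussed above: NUMA_NO_NODE carried in an unsigned int becomes an out-of-range index, an equality test still catches it, and a `< 0` test needs a signed type. The pool table, MODEL_NR_NODES, all function names and the NULL return for "no node" are assumptions made for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NUMA_NO_NODE   (-1)  /* same value the kernel uses */
#define MODEL_NR_NODES 2u    /* constructed stand-in for nr_node_ids */

struct model_pools { int id; };                   /* hypothetical per-node state */
static struct model_pools pools[MODEL_NR_NODES];  /* one slot per node */

/* What an "unsigned int numa_node" parameter holds when the caller had NUMA_NO_NODE. */
static unsigned int as_unsigned_node(int node)
{
	return (unsigned int)node;   /* -1 becomes UINT_MAX */
}

/* Would indexing pools[] with this value stay inside the table? */
static bool index_in_bounds(unsigned int numa_node)
{
	return numa_node < MODEL_NR_NODES;
}

/* Guard on the unsigned value. The cast spells out the conversion that
 * "numa_node == NUMA_NO_NODE" performs implicitly. */
static struct model_pools *lookup_pools(unsigned int numa_node)
{
	if (numa_node == (unsigned int)NUMA_NO_NODE)
		return NULL;             /* assumption: caller chooses a fallback */
	return &pools[numa_node];    /* assumes any other value is a valid node id */
}

/* The "< 0" form only works once the value is carried as a signed int. */
static bool is_no_node_signed(int numa_node)
{
	return numa_node < 0;
}

int main(void)
{
	unsigned int n = as_unsigned_node(NUMA_NO_NODE);

	printf("unsigned value: %u, in bounds: %d\n", n, index_in_bounds(n));
	printf("guarded lookup: %p\n", (void *)lookup_pools(n));
	printf("node 1 lookup ok: %d\n", lookup_pools(1) == &pools[1]);
	printf("signed check: %d\n", is_no_node_signed(NUMA_NO_NODE));
	return 0;
}
```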