On 11/08/2015 12:24 PM, Mathias Krause wrote:
> Commit 1266963170f5 ("PCI: Prevent out of bounds access in numa_node
> override") missed that the user provided node could also be negative.
> Handle this case as well to really avoid out-of-bounds accesses to
> the node_states[] array.
No, this is incorrect. More often than not, numa_node is -1 for NUMA_NO_NODE
which is often interpreted in the kernel as "any numa node".
[root@intel-brickland-04 pci0000:ff]# find ./ -name *numa_node* | xargs egrep ^
| egrep "\-1" | wc -l
92
Can you point to the code that does node_states[pci_dev->numa_node] without
doing a bounds check? IMO that's the code that is broken.
FWIW: I think the idea of your patch is still correct. Checking for -1 to
MAX_NUMNODES is not a bad idea.
P.
--
To unsubscribe from this list: send the line "unsubscribe linux-pci" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
