On Thu, Feb 02, 2017 at 07:32:16PM +0100, Christoph Hellwig wrote: > On Thu, Feb 02, 2017 at 11:36:59AM -0600, Bjorn Helgaas wrote: > > You didn't say exactly where the out of bounds access was, but I assume > > it's probably in irq_create_affinity_masks() in this path: > > Yes. See the original report from Bart here: > > http://www.spinics.net/lists/linux-scsi/msg104082.html > > > The fix in pci_alloc_irq_vectors_affinity() looks fine, but I wish it > > were closer to the actual problem. > > I plan to also fix the low-level issue, but: > > a) I have other patches pending in that are for 4.11 and I'd like > to batch them up with those to avoid conflicts > b) we really need a high-level check like the one added in this > patch so that we do the right thing (drop affinity) in this > case instead of returning an error to the caller and failing > the probe. OK. I applied this to for-linus for v4.10. I think b) refers to this piece: + /* + * If there aren't any vectors left after applying the pre/post + * vectors don't bother with assigning affinity. + */ + if (affd->pre_vectors + affd->post_vectors == min_vecs) + affd = NULL; I think this can be (and really should be) fixed in irq_create_affinity_masks(), which can also ignore affinity without returning an error to the caller of pci_alloc_irq_vectors_affinity(). But I guess it's ok to also check here. Thanks for reminding me to pick this up for v4.10. Bjorn
