Hi Hannes,

On Mon, Nov 18, 2019 at 01:30:12PM +0100, Hannes Reinecke wrote:
> The lpfc driver allocates a cpu_map based on the number of possible
> cpus during startup. If a CPU hotplug occurs the number of CPUs
> might change, causing an out-of-bounds access when trying to lookup
> the hardware index for a given CPU.
>
> Suggested-by: Daniel Wagner <daniel.wagner@xxxxxxxx>
> Signed-off-by: Hannes Reinecke <hare@xxxxxxx>

There are a few more places I think the check is needed:

  lpfc_nvme_fcp_io_submit(),
  lpfc_nvmet_ctxbuf_post(),
  lpfc_nvmet_xmt_fcp_op(),
  lpfc_nvmet_rcv_unsol_abort(),
  lpfc_nvme_io_cmd_wqe_cmpl(),
  lpfc_nvmet_unsol_fcp_buffer(),
  lpfc_scsi_cmd_iocb_cmpl()

At least all of them seem to use the CPU id to access some array. I
suggest we review all those places as well.

Thanks,
Daniel