Hi Hannes, On Mon, Nov 18, 2019 at 01:30:12PM +0100, Hannes Reinecke wrote: > The lpfc driver allocates a cpu_map based on the number of possible > cpus during startup. If a CPU hotplug occurs the number of CPUs > might change, causing an out-of-bounds access when trying to lookup > the hardware index for a given CPU. > > Suggested-by: Daniel Wagner <daniel.wagner@xxxxxxxx> > Signed-off-by: Hannes Reinecke <hare@xxxxxxx> > --- > drivers/scsi/lpfc/lpfc_scsi.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c > index ba26df90a36a..2380452a8efd 100644 > --- a/drivers/scsi/lpfc/lpfc_scsi.c > +++ b/drivers/scsi/lpfc/lpfc_scsi.c > @@ -642,7 +642,8 @@ lpfc_get_scsi_buf_s4(struct lpfc_hba *phba, struct lpfc_nodelist *ndlp, > int tag; > struct fcp_cmd_rsp_buf *tmp = NULL; > > - cpu = raw_smp_processor_id(); > + cpu = min_t(u32, raw_smp_processor_id(), > + phba->sli4_hba.num_possible_cpu); The index is limited by phba->cfg_hdw_queue and not the number of CPUs. Thanks, Daniel
