On 2017年02月03日 16:26, Christoph Hellwig wrote:
On Fri, Feb 03, 2017 at 03:54:54PM +0800, Jason Wang wrote:
On 2017年01月27日 16:16, Christoph Hellwig wrote:
+ snprintf(vp_dev->msix_names[i + 1],
+ sizeof(*vp_dev->msix_names), "%s-%s",
dev_name(&vp_dev->vdev.dev), names[i]);
err = request_irq(pci_irq_vector(vp_dev->pci_dev, msix_vec),
- vring_interrupt, 0,
- vp_dev->msix_names[msix_vec],
- vqs[i]);
+ vring_interrupt, IRQF_SHARED,
+ vp_dev->msix_names[i + 1], vqs[i]);
Do we need to check per_vq_vectors before dereferencing msix_names[i + 1] ?
No, we need to allocate the array larger in that case as want proper
names for the interrupts.
Consider the case of !per_vq_vectors, the size of msix_names is 2, but
snprintf can do out of bound accessing here. (We name the msix shared by
virtqueues with something like "%s-virtqueues" before the patch).
Thanks
_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
