lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <cf0f9085-6c87-4dd5-9114-925723e68495@oracle.com>
Date: Tue, 30 Dec 2025 07:45:31 +0000
From: John Garry <john.g.garry@...cle.com>
To: Haotian Zhang <vulab@...as.ac.cn>,
        Sathya Prakash <sathya.prakash@...adcom.com>,
        Sreekanth Reddy <sreekanth.reddy@...adcom.com>,
        Suganath Prabu Subramani <suganath-prabu.subramani@...adcom.com>,
        "James E . J . Bottomley" <James.Bottomley@...senPartnership.com>,
        "Martin K . Petersen" <martin.petersen@...cle.com>
Cc: MPT-FusionLinux.pdl@...adcom.com, linux-scsi@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] scsi: mpt3sas: Fix invalid NUMA node index

On 30/12/2025 03:14, Haotian Zhang wrote:
> When dev_to_node() returns NUMA_NO_NODE (-1), passing it directly to
> cpumask_of_node() causes an array index out-of-bounds access.
> 
> Check for NUMA_NO_NODE and fall back to node 0 if detected.
> 
> Fixes: fdb8ed13a772 ("scsi: mpt3sas: Use irq_set_affinity_and_hint()")
> Signed-off-by: Haotian Zhang <vulab@...as.ac.cn>
> ---
>   drivers/scsi/mpt3sas/mpt3sas_base.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
> index 0d652db8fe24..3fe071e8490d 100644
> --- a/drivers/scsi/mpt3sas/mpt3sas_base.c
> +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
> @@ -3238,7 +3238,11 @@ _base_assign_reply_queues(struct MPT3SAS_ADAPTER *ioc)
>   		 * corresponding to high iops queues.
>   		 */
>   		if (ioc->high_iops_queues) {
> -			mask = cpumask_of_node(dev_to_node(&ioc->pdev->dev));
> +			int nid = dev_to_node(&ioc->pdev->dev);
> +
> +			if (nid == NUMA_NO_NODE)
> +				nid = 0;
> +			mask = cpumask_of_node(nid);

Some versions of cpumask_of_node() handle NUMA_NO_NODE gracefully and 
some don't.

For the core drivers/base/arch_numa.c version, it returns cpu_all_mask 
(for NUMA_NO_NODE) - so your behaviour here is different.

Anyway, how about audit all versions of cpumask_of_node() to handle 
NUMA_NO_NODE gracefully?

>   			for (index = 0; index < ioc->high_iops_queues;
>   			    index++) {
>   				irq = pci_irq_vector(ioc->pdev, index);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ