Message ID | 20190305232427.21530-2-dann.frazier@canonical.com |
---|---|
State | New |
Headers | show |
Series | [SRU,Bionic] nvme-pci: fix out of bounds access in nvme_cqe_pending | expand |
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index e090a03643639..3805565f44295 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -974,9 +974,11 @@ static inline bool nvme_read_cqe(struct nvme_queue *nvmeq, if (nvme_cqe_valid(nvmeq, nvmeq->cq_head, nvmeq->cq_phase)) { *cqe = nvmeq->cqes[nvmeq->cq_head]; - if (++nvmeq->cq_head == nvmeq->q_depth) { + if (nvmeq->cq_head == nvmeq->q_depth - 1) { nvmeq->cq_head = 0; nvmeq->cq_phase = !nvmeq->cq_phase; + } else { + nvmeq->cq_head++; } return true; }