1. Patchew
  2. linux
  3. View series

[PATCH] scsi: mpt3sas: Fix invalid NUMA node index

Haotian Zhang posted 1 patch 1 month, 1 week ago 
drivers/scsi/mpt3sas/mpt3sas_base.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
[PATCH] scsi: mpt3sas: Fix invalid NUMA node index
Posted by Haotian Zhang 1 month, 1 week ago 
When dev_to_node() returns NUMA_NO_NODE (-1), passing it directly to
cpumask_of_node() causes an array index out-of-bounds access.

Check for NUMA_NO_NODE and fall back to node 0 if detected.

Fixes: fdb8ed13a772 ("scsi: mpt3sas: Use irq_set_affinity_and_hint()")
Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
---
 drivers/scsi/mpt3sas/mpt3sas_base.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
index 0d652db8fe24..3fe071e8490d 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_base.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
@@ -3238,7 +3238,11 @@ _base_assign_reply_queues(struct MPT3SAS_ADAPTER *ioc)
 		 * corresponding to high iops queues.
 		 */
 		if (ioc->high_iops_queues) {
-			mask = cpumask_of_node(dev_to_node(&ioc->pdev->dev));
+			int nid = dev_to_node(&ioc->pdev->dev);
+
+			if (nid == NUMA_NO_NODE)
+				nid = 0;
+			mask = cpumask_of_node(nid);
 			for (index = 0; index < ioc->high_iops_queues;
 			    index++) {
 				irq = pci_irq_vector(ioc->pdev, index);
-- 
2.43.0
Re: [PATCH] scsi: mpt3sas: Fix invalid NUMA node index
Posted by John Garry 1 month, 1 week ago 
On 30/12/2025 03:14, Haotian Zhang wrote:
> When dev_to_node() returns NUMA_NO_NODE (-1), passing it directly to
> cpumask_of_node() causes an array index out-of-bounds access.
> 
> Check for NUMA_NO_NODE and fall back to node 0 if detected.
> 
> Fixes: fdb8ed13a772 ("scsi: mpt3sas: Use irq_set_affinity_and_hint()")
> Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
> ---
>   drivers/scsi/mpt3sas/mpt3sas_base.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
> index 0d652db8fe24..3fe071e8490d 100644
> --- a/drivers/scsi/mpt3sas/mpt3sas_base.c
> +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
> @@ -3238,7 +3238,11 @@ _base_assign_reply_queues(struct MPT3SAS_ADAPTER *ioc)
>   		 * corresponding to high iops queues.
>   		 */
>   		if (ioc->high_iops_queues) {
> -			mask = cpumask_of_node(dev_to_node(&ioc->pdev->dev));
> +			int nid = dev_to_node(&ioc->pdev->dev);
> +
> +			if (nid == NUMA_NO_NODE)
> +				nid = 0;
> +			mask = cpumask_of_node(nid);

Some versions of cpumask_of_node() handle NUMA_NO_NODE gracefully and 
some don't.

For the core drivers/base/arch_numa.c version, it returns cpu_all_mask 
(for NUMA_NO_NODE) - so your behaviour here is different.

Anyway, how about audit all versions of cpumask_of_node() to handle 
NUMA_NO_NODE gracefully?

>   			for (index = 0; index < ioc->high_iops_queues;
>   			    index++) {
>   				irq = pci_irq_vector(ioc->pdev, index);

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.