From: JK Kim jongkang.kim2@gmail.com
[ Upstream commit a0aac973a26d1ac814b9e131e209eb39472a67ce ]
nvmeq->cq_head is compared with nvmeq->q_depth and changed the value and cq_phase for handling the next cq db.
but, nvmeq->q_depth's type is u32 and max. value is 0x10000 when CQP.MSQE is 0xffff and io_queue_depth is 0x10000.
current temp. variable for comparing with nvmeq->q_depth is overflowed when previous nvmeq->cq_head is 0xffff.
in this case, nvmeq->cq_phase is not updated. so, fix data type for temp. variable to u32.
Signed-off-by: JK Kim jongkang.kim2@gmail.com Signed-off-by: Christoph Hellwig hch@lst.de Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/nvme/host/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index c92a15c3fbc5..4555e9202851 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -1027,7 +1027,7 @@ static inline void nvme_handle_cqe(struct nvme_queue *nvmeq, u16 idx)
static inline void nvme_update_cq_head(struct nvme_queue *nvmeq) { - u16 tmp = nvmeq->cq_head + 1; + u32 tmp = nvmeq->cq_head + 1;
if (tmp == nvmeq->q_depth) { nvmeq->cq_head = 0;