[ofa-general] [PATCH] IB/mthca: fix cq cleanup
Michael S. Tsirkin
mst at dev.mellanox.co.il
Mon May 14 07:14:50 PDT 2007
mthca_cq_clean updated CQ consumer index without moving CQEs
to HW ownership. As a result, the same WRID might get reported twice,
resulting in use-after-free. This was observed in IPoIB CM.
Fix by moving all freed CQEs to HW ownership.
This fixes this bug: https://bugs.openfabrics.org/show_bug.cgi?id=617
Signed-off-by: Michael S. Tsirkin <mst at dev.mellanox.co.il>
---
Index: linux-2.6/drivers/infiniband/hw/mthca/mthca_cq.c
===================================================================
--- linux-2.6.orig/drivers/infiniband/hw/mthca/mthca_cq.c 2007-05-14 14:22:58.000000000 +0300
+++ linux-2.6/drivers/infiniband/hw/mthca/mthca_cq.c 2007-05-14 14:42:05.000000000 +0300
@@ -284,7 +284,7 @@ void mthca_cq_clean(struct mthca_dev *de
{
struct mthca_cqe *cqe;
u32 prod_index;
- int nfreed = 0;
+ int i, nfreed = 0;
spin_lock_irq(&cq->lock);
@@ -321,6 +321,8 @@ void mthca_cq_clean(struct mthca_dev *de
}
if (nfreed) {
+ for (i = 0; i < nfreed; ++i)
+ set_cqe_hw(get_cqe(cq, (cq->cons_index + i) & cq->ibcq.cqe));
wmb();
cq->cons_index += nfreed;
update_cons_index(dev, cq, nfreed);
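Review bot: the new loop inside `if (nfreed)` carries no comment saying why the freed entries must be handed back to hardware before `cq->cons_index` is advanced, and that ordering is the whole fix. A short comment above the `for` would keep a later cleanup from dropping or reordering it, for example one noting that a stale software-owned CQE left behind the consumer index can be polled again and report the same WRID twice. It is good that the `set_cqe_hw()` calls sit before the existing `wmb()`, so the ownership writes are ordered ahead of the index update. The index expression `(cq->cons_index + i) & cq->ibcq.cqe` only wraps correctly if `cq->ibcq.cqe` holds the ring size minus one. These lines do not show that, so please confirm it matches the masking used elsewhere in this function.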
--
MST