[ofa-general] [PATCH] libmthca: fix cq cleanup
Michael S. Tsirkin
mst at dev.mellanox.co.il
Mon May 14 07:15:14 PDT 2007
mthca_cq_clean updated CQ consumer index without moving CQEs
to HW ownership. As a result, the same WRID might get reported twice,
resulting in use-after-free. This was observed in IPoIB CM.
Fix by moving all freed CQEs to HW ownership.
This fixes this bug: https://bugs.openfabrics.org/show_bug.cgi?id=617
Signed-off-by: Michael S. Tsirkin <mst at dev.mellanox.co.il>
---
diff --git a/src/cq.c b/src/cq.c
index 0aeb7a9..ecaed9c 100644
--- a/src/cq.c
+++ b/src/cq.c
@@ -550,7 +546,7 @@ void mthca_cq_clean(struct mthca_cq *cq, uint32_t qpn, struct mthca_srq *srq)
{
struct mthca_cqe *cqe;
uint32_t prod_index;
- int nfreed = 0;
+ int i, nfreed = 0;
pthread_spin_lock(&cq->lock);
@@ -584,6 +580,8 @@ void mthca_cq_clean(struct mthca_cq *cq, uint32_t qpn, struct mthca_srq *srq)
}
if (nfreed) {
+ for (i = 0; i < nfreed; ++i)
+ set_cqe_hw(get_cqe(cq, (cq->cons_index + i) & cq->ibv_cq.cqe));
wmb();
cq->cons_index += nfreed;
update_cons_index(cq, nfreed);
--
MST
More information about the general
mailing list