diff options
| author | Mustafa Ismail <mustafa.ismail@intel.com> | 2023-05-22 10:56:53 -0500 | 
|---|---|---|
| committer | Jason Gunthorpe <jgg@nvidia.com> | 2023-05-29 14:06:29 -0300 | 
| commit | c8f304d75f6c6cc679a73f89591f9a915da38f09 (patch) | |
| tree | 02c545d91caedbaa6d2886a145241544cc4253cb /drivers/fpga/fpga-mgr.c | |
| parent | ffe14de983252862c91ad23bd5ca72fd9398d0e6 (diff) | |
RDMA/irdma: Prevent QP use after free
There is a window where the poll cq may use a QP that has been freed.
This can happen if a CQE is polled before irdma_clean_cqes() can clear the
CQE's related to the QP and the destroy QP races to free the QP memory.
then the QP structures are used in irdma_poll_cq.  Fix this by moving the
clearing of CQE's before the reference is removed and the QP is destroyed.
Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
Link: https://lore.kernel.org/r/20230522155654.1309-3-shiraz.saleem@intel.com
Signed-off-by: Mustafa Ismail <mustafa.ismail@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Diffstat (limited to 'drivers/fpga/fpga-mgr.c')
0 files changed, 0 insertions, 0 deletions
