| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251109115402.GJ15456@unreal>
Date: Sun, 9 Nov 2025 13:54:02 +0200
From: Leon Romanovsky <leon@...nel.org>
To: Tariq Toukan <tariqt@...dia.com>, Jakub Kicinski <kuba@...nel.org>
Cc: Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Jason Gunthorpe <jgg@...pe.ca>, Saeed Mahameed <saeedm@...dia.com>,
Mark Bloch <mbloch@...dia.com>,
Dragos Tatulea <dtatulea@...dia.com>,
"Michael S. Tsirkin" <mst@...hat.com>,
Jason Wang <jasowang@...hat.com>, linux-rdma@...r.kernel.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
virtualization@...ts.linux.dev, Gal Pressman <gal@...dia.com>,
Edward Srouji <edwards@...dia.com>,
Moshe Shemesh <moshe@...dia.com>,
Akiva Goldberger <agoldberger@...dia.com>
Subject: Re: [PATCH net] mlx5: Fix default values in create CQ
On Sun, Nov 09, 2025 at 11:49:03AM +0200, Tariq Toukan wrote:
> From: Akiva Goldberger <agoldberger@...dia.com>
>
> Currently, CQs without a completion function are assigned the
> mlx5_add_cq_to_tasklet function by default. This is problematic since
> only user CQs created through the mlx5_ib driver are intended to use
> this function.
>
> Additionally, all CQs that will use doorbells instead of polling for
> completions must call mlx5_cq_arm. However, the default CQ creation flow
> leaves a valid value in the CQ's arm_db field, allowing FW to send
> interrupts to polling-only CQs in certain corner cases.
>
> These two factors would allow a polling-only kernel CQ to be triggered
> by an EQ interrupt and call a completion function intended only for user
> CQs, causing a null pointer exception.
>
> Some areas in the driver have prevented this issue with one-off fixes
> but did not address the root cause.
>
> This patch fixes the described issue by adding defaults to the create CQ
> flow. It adds a default dummy completion function to protect against
> null pointer exceptions, and it sets an invalid command sequence number
> by default in kernel CQs to prevent the FW from sending an interrupt to
> the CQ until it is armed. User CQs are responsible for their own
> initialization values.
>
> Callers of mlx5_core_create_cq are responsible for changing the
> completion function and arming the CQ per their needs.
>
> Fixes: cdd04f4d4d71 ("net/mlx5: Add support to create SQ and CQ for ASO")
> Signed-off-by: Akiva Goldberger <agoldberger@...dia.com>
> Reviewed-by: Moshe Shemesh <moshe@...dia.com>
> Signed-off-by: Tariq Toukan <tariqt@...dia.com>
> ---
> drivers/infiniband/hw/mlx5/cq.c | 11 +++++---
It can safely go to net as we already sent our rdma-rc PR to Linus
and won't have any fixes in drivers/infiniband/hw/mlx5/cq.c in this
cycle.
Acked-by: Leon Romanovsky <leon@...nel.org>
Thanks
> drivers/net/ethernet/mellanox/mlx5/core/cq.c | 23 +++++++++++++--
> .../net/ethernet/mellanox/mlx5/core/en_main.c | 1 -
> .../ethernet/mellanox/mlx5/core/fpga/conn.c | 15 +++++-----
> .../mellanox/mlx5/core/steering/hws/send.c | 7 -----
> .../mellanox/mlx5/core/steering/sws/dr_send.c | 28 +++++--------------
> drivers/vdpa/mlx5/net/mlx5_vnet.c | 6 ++--
> include/linux/mlx5/cq.h | 1 +
> 8 files changed, 44 insertions(+), 48 deletions(-)
Powered by blists - more mailing lists