On Fri, Sep 20, 2024 at 08:45:40PM +0800, haixiao.yan.cn@xxxxxxxxxxxxx wrote:
> From: Chengchang Tang <tangchengchang@xxxxxxxxxx>
>
> [ Upstream commit a942ec2745ca864cd8512142100e4027dc306a42 ]
>
> The refcount of CQ is not protected by locks. When CQ asynchronous
> events and CQ destruction are concurrent, CQ may have been released,
> which will cause UAF.
>
> Use the xa_lock() to protect the CQ refcount.
>
> Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver")
> Signed-off-by: Chengchang Tang <tangchengchang@xxxxxxxxxx>
> Signed-off-by: Junxian Huang <huangjunxian6@xxxxxxxxxxxxx>
> Link: https://lore.kernel.org/r/20240412091616.370789-6-huangjunxian6@xxxxxxxxxxxxx
> Signed-off-by: Leon Romanovsky <leon@xxxxxxxxxx>
> Signed-off-by: Haixiao Yan <haixiao.yan.cn@xxxxxxxxxxxxx>
> ---
> This commit is backporting a942ec2745ca to the branch linux-5.15.y to
> solve the CVE-2024-38545. Please merge this commit to linux-5.15.y.

Don't you need to send this to the stable maintainers too?

Jason
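
The locking pattern the quoted commit message describes, as an added userspace C model that is not the hns driver's code and not part of the original mail. All names (`cq_get`, `cq_put`, `cq_destroy`, `cq_event`, the fixed-size table and the spinlock standing in for the xarray and `xa_lock()`) are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdlib.h>

#define NCQ 8
struct cq { atomic_int refcount, events; int cqn; }; /* hypothetical model object */

static struct cq *table[NCQ];                     /* models the CQ lookup table */
static atomic_flag table_lock = ATOMIC_FLAG_INIT; /* models xa_lock() */
static atomic_int freed_count;
static void lock(void) { while (atomic_flag_test_and_set(&table_lock)) ; }
static void unlock(void) { atomic_flag_clear(&table_lock); }

struct cq *cq_create(int cqn) {
    struct cq *cq = (cqn < 0 || cqn >= NCQ) ? NULL : calloc(1, sizeof(*cq));
    if (!cq) return NULL;
    cq->cqn = cqn;
    atomic_store(&cq->refcount, 1);               /* the table's reference */
    lock(); table[cqn] = cq; unlock();
    return cq;
}
/* Lookup and refcount increment share one critical section: destroy cannot free in between. */
struct cq *cq_get(int cqn) {
    struct cq *cq;
    if (cqn < 0 || cqn >= NCQ) return NULL;
    lock(); cq = table[cqn];
    if (cq) atomic_fetch_add(&cq->refcount, 1);
    unlock();
    return cq;
}
/* Drops one reference; returns 1 when this call freed the object. */
int cq_put(struct cq *cq) {
    if (atomic_fetch_sub(&cq->refcount, 1) != 1) return 0;
    free(cq); atomic_fetch_add(&freed_count, 1);
    return 1;
}
/* Unpublish under the lock, then drop the table's reference. */
int cq_destroy(int cqn) {
    struct cq *cq;
    if (cqn < 0 || cqn >= NCQ) return -1;
    lock(); cq = table[cqn]; table[cqn] = NULL; unlock();
    return cq ? cq_put(cq) : -1;
}
/* Event path: -1 if the CQ is already gone, otherwise the cq_put() result. */
int cq_event(int cqn) {
    struct cq *cq = cq_get(cqn);
    if (!cq) return -1;
    atomic_fetch_add(&cq->events, 1);
    return cq_put(cq);
}
int main(void) { cq_create(1); cq_event(1); return cq_destroy(1) == 1 ? 0 : 1; }
```

If `cq_get()` read the table and bumped the refcount without holding the lock, `cq_destroy()` could run between the two steps and the increment would touch freed memory, which is the UAF the commit message names.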