Add Greg in the loop. Thanks. On 9/20/2024 8:57 PM, Jason Gunthorpe wrote:
CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. On Fri, Sep 20, 2024 at 08:45:40PM +0800, haixiao.yan.cn@xxxxxxxxxxxxx wrote:From: Chengchang Tang <tangchengchang@xxxxxxxxxx> [ Upstream commit a942ec2745ca864cd8512142100e4027dc306a42 ] The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_lock() to protect the CQ refcount. Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver") Signed-off-by: Chengchang Tang <tangchengchang@xxxxxxxxxx> Signed-off-by: Junxian Huang <huangjunxian6@xxxxxxxxxxxxx> Link: https://lore.kernel.org/r/20240412091616.370789-6-huangjunxian6@xxxxxxxxxxxxx Signed-off-by: Leon Romanovsky <leon@xxxxxxxxxx> Signed-off-by: Haixiao Yan <haixiao.yan.cn@xxxxxxxxxxxxx> --- This commit is backporting a942ec2745ca to the branch linux-5.15.y to solve the CVE-2024-38545. Please merge this commit to linux-5.15.y.Don't you need to send this to the stable maintainers too? Jason
