On 2025/2/19 20:14, Leon Romanovsky wrote: > On Mon, Feb 17, 2025 at 03:01:19PM +0800, Junxian Huang wrote: >> When mailboxes for resource(QP/CQ/SRQ) destruction fail, it's unable >> to notify HW about the destruction. In this case, driver will still >> free the resources, while HW may still access them, thus leading to >> a UAF. > >> This series introduces delay-destruction mechanism to fix such HW UAF, >> including thw HW CTX and doorbells. > > And why can't you fix FW instead? > The key is the failure of mailbox, and there are some cases that would lead to it, which we don't really consider as FW bugs. For example, when some random fatal error like RAS error occurs in FW, our FW will be reset. Driver's mailbox will fail during the FW reset. Another case is the mailbox timeout when FW is under heavy load, as it is shared by multi-functions. Thanks, Junxian > Thanks
