This is a note to let you know that I've just added the patch titled net/mlx5: Fix forced completion access non initialized command entry to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: net-mlx5-fix-forced-completion-access-non-initialized-command-entry.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Tue 12 May 2020 11:16:51 AM CEST From: Moshe Shemesh <moshe@xxxxxxxxxxxx> Date: Sun, 21 Jul 2019 08:40:13 +0300 Subject: net/mlx5: Fix forced completion access non initialized command entry From: Moshe Shemesh <moshe@xxxxxxxxxxxx> [ Upstream commit f3cb3cebe26ed4c8036adbd9448b372129d3c371 ] mlx5_cmd_flush() will trigger forced completions to all valid command entries. Triggered by an asynch event such as fast teardown it can happen at any stage of the command, including command initialization. It will trigger forced completion and that can lead to completion on an uninitialized command entry. Setting MLX5_CMD_ENT_STATE_PENDING_COMP only after command entry is initialized will ensure force completion is treated only if command entry is initialized. Fixes: 73dd3a4839c1 ("net/mlx5: Avoid using pending command interface slots") Signed-off-by: Moshe Shemesh <moshe@xxxxxxxxxxxx> Signed-off-by: Eran Ben Elisha <eranbe@xxxxxxxxxxxx> Signed-off-by: Saeed Mahameed <saeedm@xxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c @@ -831,7 +831,6 @@ static void cmd_work_handler(struct work } cmd->ent_arr[ent->idx] = ent; - set_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state); lay = get_inst(cmd, ent->idx); ent->lay = lay; memset(lay, 0, sizeof(*lay)); @@ -853,6 +852,7 @@ static void cmd_work_handler(struct work if (ent->callback) schedule_delayed_work(&ent->cb_timeout_work, cb_timeout); + set_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state); /* Skip sending command to fw if internal error */ if (pci_channel_offline(dev->pdev) || Patches currently in stable-queue which might be from moshe@xxxxxxxxxxxx are queue-4.14/net-mlx5-fix-forced-completion-access-non-initialized-command-entry.patch queue-4.14/net-mlx5-fix-command-entry-leak-in-internal-error-state.patch