mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-19 02:26:44 +07:00
![]() If qeth_qdio_output_handler() detects that a transmit requires async
completion, it replaces the pending buffer's metadata object
(qeth_qdio_out_buffer) so that this queue buffer can be re-used while
the data is pending completion.
Later when the CQ indicates async completion of such a metadata object,
qeth_qdio_cq_handler() tries to free any data associated with this
object (since HW has now completed the transfer). By calling
qeth_clear_output_buffer(), it erronously operates on the queue buffer
that _previously_ belonged to this transfer ... but which has been
potentially re-used several times by now.
This results in double-free's of the buffer's data, and failing
transmits as the buffer descriptor is scrubbed in mid-air.
The correct way of handling this situation is to
1. scrub the queue buffer when it is prepared for re-use, and
2. later obtain the data addresses from the async-completion notifier
(ie. the AOB), instead of the queue buffer.
All this only affects qeth devices used for af_iucv HiperTransport.
Fixes:
|
||
---|---|---|
.. | ||
ctcm_dbug.c | ||
ctcm_dbug.h | ||
ctcm_fsms.c | ||
ctcm_fsms.h | ||
ctcm_main.c | ||
ctcm_main.h | ||
ctcm_mpc.c | ||
ctcm_mpc.h | ||
ctcm_sysfs.c | ||
fsm.c | ||
fsm.h | ||
Kconfig | ||
lcs.c | ||
lcs.h | ||
Makefile | ||
netiucv.c | ||
qeth_core_main.c | ||
qeth_core_mpc.c | ||
qeth_core_mpc.h | ||
qeth_core_sys.c | ||
qeth_core.h | ||
qeth_l2_main.c | ||
qeth_l2_sys.c | ||
qeth_l2.h | ||
qeth_l3_main.c | ||
qeth_l3_sys.c | ||
qeth_l3.h | ||
smsgiucv_app.c | ||
smsgiucv.c | ||
smsgiucv.h |