diff options
| author | Yishai Hadas <[email protected]> | 2025-05-13 11:02:40 +0000 |
|---|---|---|
| committer | Leon Romanovsky <[email protected]> | 2025-05-18 07:52:03 +0000 |
| commit | 972db388d40ded1a5ef8ce09d92ef1e2b9e40f07 (patch) | |
| tree | 3bc3057535b12b98b8d6af26fa6deec358a870c2 /scripts/gcc-plugins/sancov_plugin.c | |
| parent | Merge branch 'for-next' of https://git.kernel.org/pub/scm/linux/kernel/git/tn... (diff) | |
| download | kernel-972db388d40ded1a5ef8ce09d92ef1e2b9e40f07.tar.gz kernel-972db388d40ded1a5ef8ce09d92ef1e2b9e40f07.zip | |
RDMA/mlx5: Remove the redundant MLX5_IB_STAGE_UAR stage
The MLX5_IB_STAGE_UAR stage in the RDMA driver is redundant and should
be removed.
Responsibility for initializing the device's UAR pointer
(mdev->priv.uar) lies with mlx5_core, which already sets it during the
mlx5_load() process.
At present, the RDMA UAR stage overwrites this pointer, which was
correctly initialized by mlx5_core, creating the risk of inconsistency.
Ownership and management of the UAR pointer should remain exclusively
within mlx5_core.
In the current upstream code, we luckily receive the same pointer, since
mlx5_get_uars_page() still finds available BF registers for that UAR,
allowing it to be shared.
However, future changes in mlx5_core may expose this flaw.
For instance, if mlx5_alloc_bfreg() is invoked twice before the RDMA UAR
stage runs, the RDMA driver may overwrite the UAR allocated by
mlx5_core.
This could lead to real bugs. For example, if mlx5_ib is unloaded
(rmmod), it might free the UAR, leaving mlx5_core with a dangling
reference to an invalid UAR.
Signed-off-by: Yishai Hadas <[email protected]>
Reviewed-by: Fan Li <[email protected]>
Link: https://patch.msgid.link/feaa84ec6f20468b4935c439923e9266122a93d0.1747134130.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <[email protected]>
Diffstat (limited to 'scripts/gcc-plugins/sancov_plugin.c')
0 files changed, 0 insertions, 0 deletions