Re: [PATCH] net/mlx5: Reorder completion before putting command entry in cmd_work_handler

[Tariq Toukan]

On 27/05/2026 17:19, Moshe Shemesh wrote:
> On 5/26/2026 7:29 PM, Nikolay Kuratov wrote:
> > Assuming callback != NULL && !page_queue, cmd_work_handler takes
> > command entry with refcnt == 1 from mlx5_cmd_invoke.
> > If either semaphore timeout or index allocation error happens,
> > it does final cmd_ent_put(ent). To avoid access to freed memory,
> > notify slotted completion before cmd_ent_put.
> >
> > This is theoretical issue found by Svace static analyser.
> >
> > Cc:stable@xxxxxxxxxxxxxxx
> > Fixes: 485d65e135712 ("net/mlx5: Add a timeout to acquire the command 
> > queue semaphore")
> > Fixes: 0e2909c6bec90 ("net/mlx5: Fix variable not being completed when 
> > function returns")
> > Signed-off-by: Nikolay Kuratov<kniv@xxxxxxxxxxxxxx>
> > ---
> >   drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 ++++--
> >   1 file changed, 4 insertions(+), 2 deletions(-)
>
> Reviewed-by: Moshe Shemesh <moshe@xxxxxxxxxx>
>
> Thanks.

Acked-by: Tariq Toukan <tariqt@xxxxxxxxxx>