RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA

Race in qedr_poll_cq, lastest_cqe wasn't protected by lock,
leading to a case where two context's accessing poll_cq at
the same time lead to one of them having a pointer to an old
latest_cqe and reading an invalid cqe element

Signed-off-by: Amit Radzi <Amit.Radzi@cavium.com>
Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/drivers/infiniband/hw/qedr/verbs.c b/drivers/infiniband/hw/qedr/verbs.c
index 53f00dbf313f..102b9e0efe9a 100644
--- a/drivers/infiniband/hw/qedr/verbs.c
+++ b/drivers/infiniband/hw/qedr/verbs.c
@@ -3724,7 +3724,7 @@ int qedr_poll_cq(struct ib_cq *ibcq, int num_entries, struct ib_wc *wc)
 {
         struct qedr_dev *dev = get_qedr_dev(ibcq->device);
         struct qedr_cq *cq = get_qedr_cq(ibcq);
-        union rdma_cqe *cqe = cq->latest_cqe;
+        union rdma_cqe *cqe;
         u32 old_cons, new_cons;
         unsigned long flags;
         int update = 0;
@@ -3741,6 +3741,7 @@ int qedr_poll_cq(struct ib_cq *ibcq, int num_entries, struct ib_wc *wc)
                 return qedr_gsi_poll_cq(ibcq, num_entries, wc);
 
         spin_lock_irqsave(&cq->cq_lock, flags);
+        cqe = cq->latest_cqe;
         old_cons = qed_chain_get_cons_idx_u32(&cq->pbl);
         while (num_entries && is_valid_cqe(cq, cqe)) {
                 struct qedr_qp *qp;