From this webpage screenshot, we can extract the following key information about the vulnerability: 1. Vulnerability Description: - Issue Description: If the function is called with an invalid descriptor count of 0 (e.g., for DMA draining purposes), it may lead to a soft lockup. This occurs because the submission thread fails to detect the completion of invalid wait descriptors. - Impact: Although this bug currently has no impact on existing users, as no callers are submitting invalid descriptors with a count of 0, the fix enables future users (such as DMA draining) to safely call with 0 invalid descriptors. 2. Fix Mechanism: - Root Cause: The invalid descriptor state was being used for two conflicting purposes: - Signaling that a descriptor is ready to be freed. - Signaling that hardware wait descriptors have completed. - Solution: By introducing the state to separate these purposes, the function can now correctly detect the completion of invalid wait descriptors. 3. Code Changes: - File: - Changes: - Modified the function to ensure only invalid descriptors marked as are freed. - Modified the function to properly detect the completion of invalid wait descriptors during submission. 4. Sign-offs: - Author: Sanjay K Kumar - Other Sign-offs: Jacob Pan, Kevin Tian, Lu Baolu, Joerg Roedel, Sasha Levin 5. Links: - Upstream Commit: Upstream commit 3cf74230c139f208b7fb313ae0054386eee31a81 This information indicates that the soft lockup issue in the function when handling an invalid descriptor count of 0 has been resolved by separating the states of invalid descriptors, ensuring correct detection and handling.