CVE-2026-46084

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana ib: Disable RX steering on RSS QP destroy

When an RSS QP is destroyed (e.g. DPDK exit), mana ib destroy qp rss() destroys the RX WQ objects but does not disable vPort RX steering in firmware. This leaves stale steering configuration that still points to the destroyed RX objects.

If traffic continues to arrive (e.g. peer VM is still transmitting) and the VF interface is subsequently brought up (mana open), the firmware may deliver completions using stale CQ IDs from the old RX objects. These CQ IDs can be reused by the ethernet driver for new TX CQs, causing RX completions to land on TX CQs:

WARNING: mana poll tx cq+0x1b8/0x220 [mana] (is sq == false) WARNING: mana gd process eq events+0x209/0x290 (cq table lookup fails)

Fix this by disabling vPort RX steering before destroying RX WQ objects. Note that mana fence rqs() cannot be used here because the fence completion is delivered on the CQ, which is polled by user-mode (e.g. DPDK) and not visible to the kernel driver.

Refactor the disable logic into a shared mana disable vport rx() in mana en, exported for use by mana ib, replacing the duplicate code. The ethernet driver's mana dealloc queues() is also updated to call this common function.