In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow,
the device state is set to internal error, which indicates that the driver
started the destroy process. In this case, when a destroy command is being
executed, it should return MLX5_CMD_STAT_OK. Fix MLX5_CMD_OP_DESTROY_UCTX
and MLX5_CMD_OP_DESTROY_UMEM to return OK instead of EIO. This fixes a call
trace in the umem release process - [ 2633.536695] Call Trace: [
2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs] [ 2633.538596]
remove_client_context+0x8b/0xd0 [ib_core] [ 2633.539641]
disable_device+0x8c/0x130 [ib_core] [ 2633.540615]
__ib_unregister_device+0x35/0xa0 [ib_core] [ 2633.541640]
ib_unregister_device+0x21/0x30 [ib_core] [ 2633.542663]
__mlx5_ib_remove+0x38/0x90 [mlx5_ib] [ 2633.543640]
auxiliary_bus_remove+0x1e/0x30 [auxiliary] [ 2633.544661]
device_release_driver_internal+0x103/0x1f0 [ 2633.545679]
bus_remove_device+0xf7/0x170 [ 2633.546640] device_del+0x181/0x410 [
2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core] [
2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core] [ 2633.549841]
mlx5_uninit_one+0x21/0xc0 [mlx5_core] [ 2633.550864] remove_one+0x69/0xe0
[mlx5_core] [ 2633.551819] pci_device_remove+0x3b/0xc0 [ 2633.552731]
device_release_driver_internal+0x103/0x1f0 [ 2633.553746]
unbind_store+0xf6/0x130 [ 2633.554657] kernfs_fop_write+0x116/0x190 [
2633.555567] vfs_write+0xa5/0x1a0 [ 2633.556407] ksys_write+0x4f/0xb0 [
2633.557233] do_syscall_64+0x5b/0x1a0 [ 2633.558071]
entry_SYSCALL_64_after_hwframe+0x65/0xca [ 2633.559018] RIP:
0033:0x7f9977132648 [ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3
0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8
01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54
49 89 d4 55 [ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246
ORIG_RAX: 0000000000000001 [ 2633.563472] RAX: ffffffffffffffda RBX:
000000000000000c RCX: 00007f9977132648 [ 2633.564541] RDX: 000000000000000c
RSI: 000055b90546e230 RDI: 0000000000000001 [ 2633.565596] RBP:
000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740 [ 2633.566653]
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0 [
2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15:
000000000000000c [ 2633.568725] —[ end trace 10b4fe52945e544d ]—
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < 5.15.0-1001.2 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-bluefield | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gkeop | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-ibm | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-iot | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-kvm | < any | UNKNOWN |
git.kernel.org/linus/ba50cd9451f6c49cf0841c0a4a146ff6a2822699 (5.16-rc2)
git.kernel.org/stable/c/a51a6da375d82aed5c8f83abd13e7d060421bd48
git.kernel.org/stable/c/ba50cd9451f6c49cf0841c0a4a146ff6a2822699
launchpad.net/bugs/cve/CVE-2021-47212
nvd.nist.gov/vuln/detail/CVE-2021-47212
security-tracker.debian.org/tracker/CVE-2021-47212
www.cve.org/CVERecord?id=CVE-2021-47212