CVE-2021-47130

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nvmet: fix freeing unallocated p2pmem<br /> <br /> In case p2p device was found but the p2p pool is empty, the nvme target<br /> is still trying to free the sgl from the p2p pool instead of the<br /> regular sgl pool and causing a crash (BUG() is called). Instead, assign<br /> the p2p_dev for the request only if it was allocated from p2p pool.<br /> <br /> This is the crash that was caused:<br /> <br /> [Sun May 30 19:13:53 2021] ------------[ cut here ]------------<br /> [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!<br /> [Sun May 30 19:13:53 2021] invalid opcode: 0000 [#1] SMP PTI<br /> ...<br /> [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!<br /> ...<br /> [Sun May 30 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0<br /> ...<br /> [Sun May 30 19:13:53 2021] Call Trace:<br /> [Sun May 30 19:13:53 2021] ------------[ cut here ]------------<br /> [Sun May 30 19:13:53 2021] pci_free_p2pmem+0x2b/0x70<br /> [Sun May 30 19:13:53 2021] pci_p2pmem_free_sgl+0x4f/0x80<br /> [Sun May 30 19:13:53 2021] nvmet_req_free_sgls+0x1e/0x80 [nvmet]<br /> [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!<br /> [Sun May 30 19:13:53 2021] nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma]<br /> [Sun May 30 19:13:53 2021] nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma]