CVE-2022-50064

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> virtio-blk: Avoid use-after-free on suspend/resume<br /> <br /> hctx-&gt;user_data is set to vq in virtblk_init_hctx(). However, vq is<br /> freed on suspend and reallocated on resume. So, hctx-&gt;user_data is<br /> invalid after resume, and it will cause use-after-free accessing which<br /> will result in the kernel crash something like below:<br /> <br /> [ 22.428391] Call Trace:<br /> [ 22.428899] <br /> [ 22.429339] virtqueue_add_split+0x3eb/0x620<br /> [ 22.430035] ? __blk_mq_alloc_requests+0x17f/0x2d0<br /> [ 22.430789] ? kvm_clock_get_cycles+0x14/0x30<br /> [ 22.431496] virtqueue_add_sgs+0xad/0xd0<br /> [ 22.432108] virtblk_add_req+0xe8/0x150<br /> [ 22.432692] virtio_queue_rqs+0xeb/0x210<br /> [ 22.433330] blk_mq_flush_plug_list+0x1b8/0x280<br /> [ 22.434059] __blk_flush_plug+0xe1/0x140<br /> [ 22.434853] blk_finish_plug+0x20/0x40<br /> [ 22.435512] read_pages+0x20a/0x2e0<br /> [ 22.436063] ? folio_add_lru+0x62/0xa0<br /> [ 22.436652] page_cache_ra_unbounded+0x112/0x160<br /> [ 22.437365] filemap_get_pages+0xe1/0x5b0<br /> [ 22.437964] ? context_to_sid+0x70/0x100<br /> [ 22.438580] ? sidtab_context_to_sid+0x32/0x400<br /> [ 22.439979] filemap_read+0xcd/0x3d0<br /> [ 22.440917] xfs_file_buffered_read+0x4a/0xc0<br /> [ 22.441984] xfs_file_read_iter+0x65/0xd0<br /> [ 22.442970] __kernel_read+0x160/0x2e0<br /> [ 22.443921] bprm_execve+0x21b/0x640<br /> [ 22.444809] do_execveat_common.isra.0+0x1a8/0x220<br /> [ 22.446008] __x64_sys_execve+0x2d/0x40<br /> [ 22.446920] do_syscall_64+0x37/0x90<br /> [ 22.447773] entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> This patch fixes this issue by getting vq from vblk, and removes<br /> virtblk_init_hctx().