CVE-2022-50363
Severity:
Pending analysis
Type:
Not Available / Other type
Publication date:
17/09/2025
Last modified:
17/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

skmsg: pass gfp argument to alloc_sk_msg()

syzbot found that alloc_sk_msg() could be called from a
non sleepable context. sk_psock_verdict_recv() uses
rcu_read_lock() protection.

We need the callers to pass a gfp_t argument to avoid issues.

syzbot report was:

BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
INFO: lockdep is turned off.
CPU: 0 PID: 3613 Comm: syz-executor414 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:

__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
__might_resched+0x538/0x6a0 kernel/sched/core.c:9877
might_alloc include/linux/sched/mm.h:274 [inline]
slab_pre_alloc_hook mm/slab.h:700 [inline]
slab_alloc_node mm/slub.c:3162 [inline]
slab_alloc mm/slub.c:3256 [inline]
kmem_cache_alloc_trace+0x59/0x310 mm/slub.c:3287
kmalloc include/linux/slab.h:600 [inline]
kzalloc include/linux/slab.h:733 [inline]
alloc_sk_msg net/core/skmsg.c:507 [inline]
sk_psock_skb_ingress_self+0x5c/0x330 net/core/skmsg.c:600
sk_psock_verdict_apply+0x395/0x440 net/core/skmsg.c:1014
sk_psock_verdict_recv+0x34d/0x560 net/core/skmsg.c:1201
tcp_read_skb+0x4a1/0x790 net/ipv4/tcp.c:1770
tcp_rcv_established+0x129d/0x1a10 net/ipv4/tcp_input.c:5971
tcp_v4_do_rcv+0x479/0xac0 net/ipv4/tcp_ipv4.c:1681
sk_backlog_rcv include/net/sock.h:1109 [inline]
__release_sock+0x1d8/0x4c0 net/core/sock.c:2906
release_sock+0x5d/0x1c0 net/core/sock.c:3462
tcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1483
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x46d/0x5f0 net/socket.c:2117
__do_sys_sendto net/socket.c:2129 [inline]
__se_sys_sendto net/socket.c:2125 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2125
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd