CVE-2021-47199

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 10/04/2024
Last modified: 14/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: CT, Fix multiple allocations and memleak of mod acts

CT clear action offload adds additional mod hdr actions to the
flow's original mod actions in order to clear the registers which
hold ct_state.
When such flow also includes encap action, a neigh update event
can cause the driver to unoffload the flow and then reoffload it.

Each time this happens, the ct clear handling adds that same set
of mod hdr actions to reset ct_state until the max of mod hdr
actions is reached.

Also the driver never releases the allocated mod hdr actions and
causing a memleak.

Fix above two issues by moving CT clear mod acts allocation
into the parsing actions phase and only use it when offloading the rule.
The release of mod acts will be done in the normal flow_put().

backtrace:
[] krealloc+0x83/0xd0
[] mlx5e_mod_hdr_alloc+0x147/0x300 [mlx5_core]
[] mlx5e_tc_match_to_reg_set_and_get_id+0xd7/0x240 [mlx5_core]
[] mlx5e_tc_match_to_reg_set+0xa/0x20 [mlx5_core]
[] mlx5_tc_ct_entry_set_registers.isra.0+0x36/0xc0 [mlx5_core]
[] mlx5_tc_ct_flow_offload+0x272/0x1f10 [mlx5_core]
[] mlx5e_tc_offload_fdb_rules.part.0+0x150/0x620 [mlx5_core]
[] mlx5e_tc_encap_flows_add+0x489/0x690 [mlx5_core]
[] mlx5e_rep_update_flows+0x6e4/0x9b0 [mlx5_core]
[] mlx5e_rep_neigh_update+0x39a/0x5d0 [mlx5_core]
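
The pattern in the description, as a userspace C model added here for illustration; it is not the mlx5 driver's code. The struct, the function names and all three constants (the cap and the action counts) are assumptions chosen to show why appending in the offload path grows the array on every reoffload, while allocating once in the parsing phase does not.

```c
#include <stdlib.h>

#define MAX_MOD_ACTS  8   /* assumed cap on mod hdr actions per flow */
#define ORIG_ACTS     2   /* assumed count of the flow's own mod actions */
#define CT_CLEAR_ACTS 3   /* assumed count of actions resetting ct_state */

struct flow {
    int *mod_acts;        /* models the flow's mod hdr action array */
    int num_acts;
};

/* Append n actions, failing once the cap would be exceeded. */
static int mod_hdr_add(struct flow *f, int n)
{
    if (f->num_acts + n > MAX_MOD_ACTS)
        return -1;
    int *p = realloc(f->mod_acts, (size_t)(f->num_acts + n) * sizeof(*p));
    if (!p)
        return -1;
    f->mod_acts = p;
    f->num_acts += n;
    return 0;
}

/* Parsing runs once per flow; the fixed variant adds CT clear acts here. */
static int parse_actions(struct flow *f, int fixed)
{
    if (mod_hdr_add(f, ORIG_ACTS))
        return -1;
    return fixed ? mod_hdr_add(f, CT_CLEAR_ACTS) : 0;
}

/* Offload runs on install and on every reoffload; buggy variant re-adds. */
static int offload(struct flow *f, int fixed)
{
    return fixed ? 0 : mod_hdr_add(f, CT_CLEAR_ACTS);
}

/* Mod acts held after `updates` neigh updates, or -1 if offload failed. */
int simulate(int fixed, int updates)
{
    struct flow f = {0};
    int rc = parse_actions(&f, fixed);
    for (int i = 0; rc == 0 && i <= updates; i++)
        rc = offload(&f, fixed);
    int n = rc ? -1 : f.num_acts;
    free(f.mod_acts);     /* single release point, modelling flow_put() */
    return n;
}
```

With these assumed constants, the buggy variant holds 5 actions after the first offload, 8 after one neigh update, and fails on the second; the fixed variant stays at 5 regardless of the number of updates.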

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.7 (including) 5.15.5 (excluding)
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*