CVE-2021-47392

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure<br /> <br /> If cma_listen_on_all() fails it leaves the per-device ID still on the<br /> listen_list but the state is not set to RDMA_CM_ADDR_BOUND.<br /> <br /> When the cmid is eventually destroyed cma_cancel_listens() is not called<br /> due to the wrong state, however the per-device IDs are still holding the<br /> refcount preventing the ID from being destroyed, thus deadlocking:<br /> <br /> task:rping state:D stack: 0 pid:19605 ppid: 47036 flags:0x00000084<br /> Call Trace:<br /> __schedule+0x29a/0x780<br /> ? free_unref_page_commit+0x9b/0x110<br /> schedule+0x3c/0xa0<br /> schedule_timeout+0x215/0x2b0<br /> ? __flush_work+0x19e/0x1e0<br /> wait_for_completion+0x8d/0xf0<br /> _destroy_id+0x144/0x210 [rdma_cm]<br /> ucma_close_id+0x2b/0x40 [rdma_ucm]<br /> __destroy_id+0x93/0x2c0 [rdma_ucm]<br /> ? __xa_erase+0x4a/0xa0<br /> ucma_destroy_id+0x9a/0x120 [rdma_ucm]<br /> ucma_write+0xb8/0x130 [rdma_ucm]<br /> vfs_write+0xb4/0x250<br /> ksys_write+0xb5/0xd0<br /> ? syscall_trace_enter.isra.19+0x123/0x190<br /> do_syscall_64+0x33/0x40<br /> entry_SYSCALL_64_after_hwframe+0x44/0xa9<br /> <br /> Ensure that cma_listen_on_all() atomically unwinds its action under the<br /> lock during error.