CVE-2021-47536

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
24/05/2024
Last modified:
18/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: fix wrong list_del in smc_lgr_cleanup_early

smc_lgr_cleanup_early() meant to delete the link
group from the link group list, but it deleted
the list head by mistake.

This may cause memory corruption since we didn't
remove the real link group from the list and later
memseted the link group structure.
We got a list corruption panic when testing:

[  231.277259] list_del corruption. prev->next should be ffff8881398a8000, but was 0000000000000000
[  231.278222] ------------[ cut here ]------------
[  231.278726] kernel BUG at lib/list_debug.c:53!
[  231.279326] invalid opcode: 0000 [#1] SMP NOPTI
[  231.279803] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.10.46+ #435
[  231.280466] Hardware name: Alibaba Cloud ECS, BIOS 8c24b4c 04/01/2014
[  231.281248] Workqueue: events smc_link_down_work
[  231.281732] RIP: 0010:__list_del_entry_valid+0x70/0x90
[  231.282258] Code: 4c 60 82 e8 7d cc 6a 00 0f 0b 48 89 fe 48 c7 c7 88 4c 60 82 e8 6c cc 6a 00 0f 0b 48 89 fe 48 c7 c7 c0 4c 60 82 e8 5b cc 6a 00 0b 48 89 fe 48 c7 c7 00 4d 60 82 e8 4a cc 6a 00 0f 0b cc cc cc
[  231.284146] RSP: 0018:ffffc90000033d58 EFLAGS: 00010292
[  231.284685] RAX: 0000000000000054 RBX: ffff8881398a8000 RCX: 0000000000000000
[  231.285415] RDX: 0000000000000001 RSI: ffff88813bc18040 RDI: ffff88813bc18040
[  231.286141] RBP: ffffffff8305ad40 R08: 0000000000000003 R09: 0000000000000001
[  231.286873] R10: ffffffff82803da0 R11: ffffc90000033b90 R12: 0000000000000001
[  231.287606] R13: 0000000000000000 R14: ffff8881398a8000 R15: 0000000000000003
[  231.288337] FS:  0000000000000000(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
[  231.289160] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.289754] CR2: 0000000000e72058 CR3: 000000010fa96006 CR4: 00000000003706f0
[  231.290485] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  231.291211] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  231.291940] Call Trace:
[  231.292211]  smc_lgr_terminate_sched+0x53/0xa0
[  231.292677]  smc_switch_conns+0x75/0x6b0
[  231.293085]  ? update_load_avg+0x1a6/0x590
[  231.293517]  ? ttwu_do_wakeup+0x17/0x150
[  231.293907]  ? update_load_avg+0x1a6/0x590
[  231.294317]  ? newidle_balance+0xca/0x3d0
[  231.294716]  smcr_link_down+0x50/0x1a0
[  231.295090]  ? __wake_up_common_lock+0x77/0x90
[  231.295534]  smc_link_down_work+0x46/0x60
[  231.295933]  process_one_work+0x18b/0x350
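
The failure mode described in the commit message above, as an added userspace example that is not the kernel's code or the patch itself. The list helpers are simplified re-implementations, and `struct link_group`, `lgr_list` and `cleanup_then_check()` are hypothetical names with two constructed link groups. It shows why unlinking the list head and then wiping the group makes a later unlink of a neighbouring group fail the `prev->next` check, and why unlinking the group's own entry does not.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for the kernel's circular doubly linked list
 * (simplified: no locking, no pointer poisoning). */
struct list_head { struct list_head *next, *prev; };
struct link_group { struct list_head list; int id; }; /* hypothetical stand-in */

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}

static void list_del(struct list_head *e)
{
    e->prev->next = e->next;
    e->next->prev = e->prev;
}

/* Simplified neighbour check behind the "list_del corruption" report. */
static bool list_del_entry_valid(const struct list_head *e)
{
    return e->prev->next == e && e->next->prev == e;
}

/* Clean up group a early, wipe it, then test whether group b can still be
 * unlinked. buggy=true unlinks the list head instead of a's own entry. */
bool cleanup_then_check(bool buggy)
{
    struct list_head lgr_list;
    struct link_group a = { .id = 1 }, b = { .id = 2 };
    list_init(&lgr_list);
    list_add_tail(&a.list, &lgr_list);
    list_add_tail(&b.list, &lgr_list);
    list_del(buggy ? &lgr_list : &a.list);
    memset(&a, 0, sizeof(a)); /* a is still b's neighbour in the buggy case */
    return list_del_entry_valid(&b.list);
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", cleanup_then_check(true), cleanup_then_check(false));
    return 0;
}
```

In the buggy path `b.list.prev` still points at the wiped group, so `prev->next` reads as zero, the same condition the panic line reports.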

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.84 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.7 (excluding)
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*