CVE-2022-48811

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ibmvnic: don&amp;#39;t release napi in __ibmvnic_open()<br /> <br /> If __ibmvnic_open() encounters an error such as when setting link state,<br /> it calls release_resources() which frees the napi structures needlessly.<br /> Instead, have __ibmvnic_open() only clean up the work it did so far (i.e.<br /> disable napi and irqs) and leave the rest to the callers.<br /> <br /> If caller of __ibmvnic_open() is ibmvnic_open(), it should release the<br /> resources immediately. If the caller is do_reset() or do_hard_reset(),<br /> they will release the resources on the next reset.<br /> <br /> This fixes following crash that occurred when running the drmgr command<br /> several times to add/remove a vnic interface:<br /> <br /> [102056] ibmvnic 30000003 env3: Disabling rx_scrq[6] irq<br /> [102056] ibmvnic 30000003 env3: Disabling rx_scrq[7] irq<br /> [102056] ibmvnic 30000003 env3: Replenished 8 pools<br /> Kernel attempted to read user page (10) - exploit attempt? (uid: 0)<br /> BUG: Kernel NULL pointer dereference on read at 0x00000010<br /> Faulting instruction address: 0xc000000000a3c840<br /> Oops: Kernel access of bad area, sig: 11 [#1]<br /> LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries<br /> ...<br /> CPU: 9 PID: 102056 Comm: kworker/9:2 Kdump: loaded Not tainted 5.16.0-rc5-autotest-g6441998e2e37 #1<br /> Workqueue: events_long __ibmvnic_reset [ibmvnic]<br /> NIP: c000000000a3c840 LR: c0080000029b5378 CTR: c000000000a3c820<br /> REGS: c0000000548e37e0 TRAP: 0300 Not tainted (5.16.0-rc5-autotest-g6441998e2e37)<br /> MSR: 8000000000009033 CR: 28248484 XER: 00000004<br /> CFAR: c0080000029bdd24 DAR: 0000000000000010 DSISR: 40000000 IRQMASK: 0<br /> GPR00: c0080000029b55d0 c0000000548e3a80 c0000000028f0200 0000000000000000<br /> ...<br /> NIP [c000000000a3c840] napi_enable+0x20/0xc0<br /> LR [c0080000029b5378] __ibmvnic_open+0xf0/0x430 [ibmvnic]<br /> Call Trace:<br /> [c0000000548e3a80] [0000000000000006] 0x6 (unreliable)<br /> [c0000000548e3ab0] [c0080000029b55d0] __ibmvnic_open+0x348/0x430 [ibmvnic]<br /> [c0000000548e3b40] [c0080000029bcc28] __ibmvnic_reset+0x500/0xdf0 [ibmvnic]<br /> [c0000000548e3c60] [c000000000176228] process_one_work+0x288/0x570<br /> [c0000000548e3d00] [c000000000176588] worker_thread+0x78/0x660<br /> [c0000000548e3da0] [c0000000001822f0] kthread+0x1c0/0x1d0<br /> [c0000000548e3e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64<br /> Instruction dump:<br /> 7d2948f8 792307e0 4e800020 60000000 3c4c01eb 384239e0 f821ffd1 39430010<br /> 38a0fff6 e92d1100 f9210028 39200000 f9010020 60420000 e9210020<br /> ---[ end trace 5f8033b08fd27706 ]---