CVE-2022-48976

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/10/2024
Last modified: 25/10/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable_offload: fix using __this_cpu_add in preemptible

flow_offload_queue_work() can be called in workqueue without bh disabled, like the call trace showed in my act_ct testing, calling NF_FLOW_TABLE_STAT_INC() there would cause a call trace:

BUG: using __this_cpu_add() in preemptible [00000000] code: kworker/u4:0/138560
caller is flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]
Workqueue: act_ct_workqueue tcf_ct_flow_table_cleanup_work [act_ct]
Call Trace:

dump_stack_lvl+0x33/0x46
check_preemption_disabled+0xc3/0xf0
flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]
nf_flow_table_iterate+0x138/0x170 [nf_flow_table]
nf_flow_table_free+0x140/0x1a0 [nf_flow_table]
tcf_ct_flow_table_cleanup_work+0x2f/0x2b0 [act_ct]
process_one_work+0x6a3/0x1030
worker_thread+0x8a/0xdf0

This patch fixes it by using NF_FLOW_TABLE_STAT_INC_ATOMIC() instead in flow_offload_queue_work().

Note that for FLOW_CLS_REPLACE branch in flow_offload_queue_work(), it may not be called in preemptible path, but it's good to use NF_FLOW_TABLE_STAT_INC_ATOMIC() for all cases in flow_offload_queue_work().
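The splat quoted in the description can be searched for in collected kernel logs to see whether a host has hit this code path. The Python below is an added example, not part of the CVE record or of the kernel patch; the sample log is constructed from the trace above, and its second entry (`example_task`, `some_other_function`, `example_mod`) is a made-up negative case.

```python
import re

# Constructed sample: the first splat mirrors the trace in the description,
# the second is a hypothetical unrelated splat that must not be reported.
SAMPLE_LOG = """\
[  101.000001] BUG: using __this_cpu_add() in preemptible [00000000] code: kworker/u4:0/138560
[  101.000002] caller is flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]
[  101.000003] Workqueue: act_ct_workqueue tcf_ct_flow_table_cleanup_work [act_ct]
[  205.500000] BUG: using __this_cpu_add() in preemptible [00000000] code: example_task/4242
[  205.500001] caller is some_other_function+0x10/0x40 [example_mod]
"""

# "BUG: using <op>() in preemptible [<preempt count>] code: <task>/<pid>"
BUG_RE = re.compile(
    r"BUG: using (\w+)\(\) in preemptible \[[0-9a-f]+\] code: (\S+)/(\d+)")
# "caller is <function>+0x<offset>/0x<size> [<module>]" (module is optional)
CALLER_RE = re.compile(
    r"caller is (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")


def find_splats(log_text, function="flow_offload_queue_work"):
    """Return one dict per preemptible per-CPU splat whose caller is `function`."""
    hits = []
    pending = None  # latest BUG line still waiting for its "caller is" line
    for line in log_text.splitlines():
        m = BUG_RE.search(line)
        if m:
            pending = {"op": m.group(1), "task": m.group(2),
                       "pid": int(m.group(3))}
            continue
        m = CALLER_RE.search(line)
        if m and pending:
            if m.group(1) == function:
                hits.append({**pending, "caller": m.group(1),
                             "module": m.group(2)})
            pending = None  # each BUG line pairs with exactly one caller line
    return hits


if __name__ == "__main__":
    for hit in find_splats(SAMPLE_LOG):
        print(hit)
```
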

Vulnerable products and versions

CPE                                                  From                   Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         5.15.157 (including)   6.0.13 (excluding)
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc8:*:*:*:*:*:*