CVE-2022-49065

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
26/02/2025
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix the svc_deferred_event trace class

Fix a NULL deref crash that occurs when an svc_rqst is deferred while the sunrpc tracing subsystem is enabled. svc_revisit() sets dr->xprt to NULL, so it can't be relied upon in the tracepoint to provide the remote's address.

Unfortunately we can't revert the "svc_deferred_class" hunk in commit ece200ddd54b ("sunrpc: Save remote presentation address in svc_xprt for trace events") because there is now a specific check of event format specifiers for unsafe dereferences. The warning that check emits is:

    event svc_defer_recv has unsafe dereference of argument 1

A "%pISpc" format specifier with a "struct sockaddr *" is indeed flagged by this check.

Instead, take the brute-force approach used by the svcrdma_qp_error tracepoint. Convert the dr::addr field into a presentation address in the TP_fast_assign() arm of the trace event, and store that as a string. This fix can be backported to -stable kernels.

In the meantime, commit c6ced22997ad ("tracing: Update print fmt check to handle new __get_sockaddr() macro") is now in v5.18, so this wonky fix can be replaced with __sockaddr() and friends properly during the v5.19 merge window.
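The pattern the description refers to, shown as an added user-space model; this is not code from the kernel patch. The struct and function names (`xprt_model`, `deferred_model`, `trace_entry_model`, `assign_via_xprt`, `assign_via_addr`) are assumptions made for illustration, and the sample address is constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* User-space stand-ins for the kernel objects; all names are assumptions. */
struct xprt_model { char remotebuf[64]; };
struct deferred_model {
    struct xprt_model *xprt;      /* cleared on revisit, like dr->xprt */
    struct sockaddr_storage addr; /* stored in the record, like dr::addr */
};
struct trace_entry_model { char addr[INET6_ADDRSTRLEN + 8]; };

/* Pre-fix shape: address reached through dr->xprt. Returns -1 where the unguarded tracepoint would crash. */
int assign_via_xprt(struct trace_entry_model *e, const struct deferred_model *dr)
{
    if (dr->xprt == NULL)
        return -1;
    snprintf(e->addr, sizeof(e->addr), "%s", dr->xprt->remotebuf);
    return 0;
}

/* Fixed shape: format the stored sockaddr into a string while filling the entry. */
int assign_via_addr(struct trace_entry_model *e, const struct deferred_model *dr)
{
    const struct sockaddr_in *in4 = (const struct sockaddr_in *)&dr->addr;
    const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)&dr->addr;
    char host[INET6_ADDRSTRLEN];
    if (dr->addr.ss_family == AF_INET && inet_ntop(AF_INET, &in4->sin_addr, host, sizeof(host)))
        snprintf(e->addr, sizeof(e->addr), "%s:%u", host, (unsigned)ntohs(in4->sin_port));
    else if (dr->addr.ss_family == AF_INET6 && inet_ntop(AF_INET6, &in6->sin6_addr, host, sizeof(host)))
        snprintf(e->addr, sizeof(e->addr), "[%s]:%u", host, (unsigned)ntohs(in6->sin6_port));
    else
        return -1; /* unknown address family: nothing safe to record */
    return 0;
}

int main(void)
{
    struct deferred_model dr;
    struct trace_entry_model e = { "" };
    struct sockaddr_in *in4 = (struct sockaddr_in *)&dr.addr;
    memset(&dr, 0, sizeof(dr)); /* constructed sample: xprt is NULL, as after revisit */
    in4->sin_family = AF_INET;
    in4->sin_port = htons(2049);
    inet_pton(AF_INET, "192.0.2.10", &in4->sin_addr);
    printf("via xprt: %d\n", assign_via_xprt(&e, &dr));
    printf("via addr: %d %s\n", assign_via_addr(&e, &dr), e.addr);
    return 0;
}
```

Because the string is built from data held inside the deferred record itself, the trace entry no longer depends on a pointer that another code path can clear.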

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.17 (including) | 5.10.112 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.35 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.17.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:* | | |