CVE-2022-49687

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> virtio_net: fix xdp_rxq_info bug after suspend/resume<br /> <br /> The following sequence currently causes a driver bug warning<br /> when using virtio_net:<br /> <br /> # ip link set eth0 up<br /> # echo mem &gt; /sys/power/state (or e.g. # rtcwake -s 10 -m mem)<br /> <br /> # ip link set eth0 down<br /> <br /> Missing register, driver bug<br /> WARNING: CPU: 0 PID: 375 at net/core/xdp.c:138 xdp_rxq_info_unreg+0x58/0x60<br /> Call trace:<br /> xdp_rxq_info_unreg+0x58/0x60<br /> virtnet_close+0x58/0xac<br /> __dev_close_many+0xac/0x140<br /> __dev_change_flags+0xd8/0x210<br /> dev_change_flags+0x24/0x64<br /> do_setlink+0x230/0xdd0<br /> ...<br /> <br /> This happens because virtnet_freeze() frees the receive_queue<br /> completely (including struct xdp_rxq_info) but does not call<br /> xdp_rxq_info_unreg(). Similarly, virtnet_restore() sets up the<br /> receive_queue again but does not call xdp_rxq_info_reg().<br /> <br /> Actually, parts of virtnet_freeze_down() and virtnet_restore_up()<br /> are almost identical to virtnet_close() and virtnet_open(): only<br /> the calls to xdp_rxq_info_(un)reg() are missing. This means that<br /> we can fix this easily and avoid such problems in the future by<br /> just calling virtnet_close()/open() from the freeze/restore handlers.<br /> <br /> Aside from adding the missing xdp_rxq_info calls the only difference<br /> is that the refill work is only cancelled if netif_running(). However,<br /> this should not make any functional difference since the refill work<br /> should only be active if the network interface is actually up.