CVE-2022-50476

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ntb_netdev: Use dev_kfree_skb_any() in interrupt context<br /> <br /> TX/RX callback handlers (ntb_netdev_tx_handler(),<br /> ntb_netdev_rx_handler()) can be called in interrupt<br /> context via the DMA framework when the respective<br /> DMA operations have completed. As such, any calls<br /> by these routines to free skb&amp;#39;s, should use the<br /> interrupt context safe dev_kfree_skb_any() function.<br /> <br /> Previously, these callback handlers would call the<br /> interrupt unsafe version of dev_kfree_skb(). This has<br /> not presented an issue on Intel IOAT DMA engines as<br /> that driver utilizes tasklets rather than a hard<br /> interrupt handler, like the AMD PTDMA DMA driver.<br /> On AMD systems, a kernel WARNING message is<br /> encountered, which is being issued from<br /> skb_release_head_state() due to in_hardirq()<br /> being true.<br /> <br /> Besides the user visible WARNING from the kernel,<br /> the other symptom of this bug was that TCP/IP performance<br /> across the ntb_netdev interface was very poor, i.e.<br /> approximately an order of magnitude below what was<br /> expected. With the repair to use dev_kfree_skb_any(),<br /> kernel WARNINGs from skb_release_head_state() ceased<br /> and TCP/IP performance, as measured by iperf, was on<br /> par with expected results, approximately 20 Gb/s on<br /> AMD Milan based server. Note that this performance<br /> is comparable with Intel based servers.