CVE-2022-50885

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed<br /> <br /> There is a null-ptr-deref when mount.cifs over rdma:<br /> <br /> BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]<br /> Read of size 8 at addr 0000000000000018 by task mount.cifs/3046<br /> <br /> CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x34/0x44<br /> kasan_report+0xad/0x130<br /> rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]<br /> execute_in_process_context+0x25/0x90<br /> __rxe_cleanup+0x101/0x1d0 [rdma_rxe]<br /> rxe_create_qp+0x16a/0x180 [rdma_rxe]<br /> create_qp.part.0+0x27d/0x340<br /> ib_create_qp_kernel+0x73/0x160<br /> rdma_create_qp+0x100/0x230<br /> _smbd_get_connection+0x752/0x20f0<br /> smbd_get_connection+0x21/0x40<br /> cifs_get_tcp_session+0x8ef/0xda0<br /> mount_get_conns+0x60/0x750<br /> cifs_mount+0x103/0xd00<br /> cifs_smb3_do_mount+0x1dd/0xcb0<br /> smb3_get_tree+0x1d5/0x300<br /> vfs_get_tree+0x41/0xf0<br /> path_mount+0x9b3/0xdd0<br /> __x64_sys_mount+0x190/0x1d0<br /> do_syscall_64+0x35/0x80<br /> entry_SYSCALL_64_after_hwframe+0x46/0xb0<br /> <br /> The root cause of the issue is the socket create failed in<br /> rxe_qp_init_req().<br /> <br /> So move the reset rxe_qp_do_cleanup() after the NULL ptr check.