CVE-2023-52792

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/05/2024
Last modified: 23/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails

Commit 5e42bcbc3fef ("cxl/region: decrement ->nr_targets on error in
cxl_region_attach()") tried to avoid 'eiw' initialization errors when
->nr_targets exceeded 16, by just decrementing ->nr_targets when
cxl_region_setup_targets() failed.

Commit 86987c766276 ("cxl/region: Cleanup target list on attach error")
extended that cleanup to also clear cxled->pos and p->targets[pos]. The
initialization error was incidentally fixed separately by:
Commit 8d4285425714 ("cxl/region: Fix port setup uninitialized variable
warnings") which was merged a few days after 5e42bcbc3fef.

But now the original cleanup when cxl_region_setup_targets() fails
prevents endpoint and switch decoder resources from being reused:

1) the cleanup does not set the decoder's region to NULL, which results
in future dpa_size_store() calls returning -EBUSY
2) the decoder is not properly freed, which results in future commit
errors associated with the upstream switch

Now that the initialization errors were fixed separately, the proper
cleanup for this case is to just return immediately. Then the resources
associated with this target get cleaned up as normal when the failed
region is deleted.

The ->nr_targets decrement in the error case also helped prevent
a p->targets[] array overflow, so add a new check to prevent against
that overflow.

Tested by trying to create an invalid region for a 2 switch * 2 endpoint
topology, and then following up with creating a valid region.

Vulnerable products and versions

CPE                                             From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.0 (including)   6.1.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.2 (including)   6.5.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.6 (including)   6.6.3 (excluding)
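The version ranges in the table above, turned into a host check. This is an added example, not part of the advisory or of the kernel project; the function names and result labels are assumptions. A release string with a vendor or pre-release suffix is reported separately, because its number reflects only the upstream base and cannot show whether the fix was backported.

```python
import platform
import re

# Affected upstream ranges from the table above:
# (first affected version, first fixed version), upper bound exclusive.
AFFECTED_RANGES = [
    ((6, 0, 0), (6, 1, 64)),
    ((6, 2, 0), (6, 5, 13)),
    ((6, 6, 0), (6, 6, 3)),
]

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_release(release):
    """Split a `uname -r` style string into ((major, minor, patch), suffix)."""
    match = _RELEASE.match(release.strip())
    if match is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, suffix = match.groups()
    # A missing patch level ("6.2") is treated as ".0".
    return (int(major), int(minor), int(patch or 0)), suffix


def assess(release):
    """Return 'in-range', 'in-range-verify' or 'out-of-range'.

    'in-range'        : plain upstream version inside an affected range.
    'in-range-verify' : inside a range but carrying a suffix (distribution
                        build, -rc, local version); check the vendor
                        changelog for this CVE before drawing a conclusion.
    'out-of-range'    : version number is outside every listed range.
    """
    version, suffix = parse_release(release)
    in_range = any(low <= version < high for low, high in AFFECTED_RANGES)
    if not in_range:
        return "out-of-range"
    return "in-range-verify" if suffix else "in-range"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {assess(running)}")
    # Constructed sample release strings, not taken from real hosts.
    for sample in ("6.1.63", "6.1.64", "6.5.12", "6.6.3", "6.1.0-13-amd64"):
        print(f"{sample}: {assess(sample)}")
```

An "out-of-range" result for a distribution kernel is likewise based on the upstream base number only.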