CVE-2023-53286

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/mlx5: Return the firmware result upon destroying QP/RQ<br /> <br /> Previously when destroying a QP/RQ, the result of the firmware<br /> destruction function was ignored and upper layers weren&amp;#39;t informed<br /> about the failure.<br /> Which in turn could lead to various problems since when upper layer<br /> isn&amp;#39;t aware of the failure it continues its operation thinking that the<br /> related QP/RQ was successfully destroyed while it actually wasn&amp;#39;t,<br /> which could lead to the below kernel WARN.<br /> <br /> Currently, we return the correct firmware destruction status to upper<br /> layers which in case of the RQ would be mlx5_ib_destroy_wq() which<br /> was already capable of handling RQ destruction failure or in case of<br /> a QP to destroy_qp_common(), which now would actually warn upon qp<br /> destruction failure.<br /> <br /> WARNING: CPU: 3 PID: 995 at drivers/infiniband/core/rdma_core.c:940 uverbs_destroy_ufile_hw+0xcb/0xe0 [ib_uverbs]<br /> Modules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_umad ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core overlay mlx5_core fuse<br /> CPU: 3 PID: 995 Comm: python3 Not tainted 5.16.0-rc5+ #1<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014<br /> RIP: 0010:uverbs_destroy_ufile_hw+0xcb/0xe0 [ib_uverbs]<br /> Code: 41 5c 41 5d 41 5e e9 44 34 f0 e0 48 89 df e8 4c 77 ff ff 49 8b 86 10 01 00 00 48 85 c0 74 a1 4c 89 e7 ff d0 eb 9a 0f 0b eb c1 0b be 04 00 00 00 48 89 df e8 b6 f6 ff ff e9 75 ff ff ff 90 0f<br /> RSP: 0018:ffff8881533e3e78 EFLAGS: 00010287<br /> RAX: ffff88811b2cf3e0 RBX: ffff888106209700 RCX: 0000000000000000<br /> RDX: ffff888106209780 RSI: ffff8881533e3d30 RDI: ffff888109b101a0<br /> RBP: 0000000000000001 R08: ffff888127cb381c R09: 0de9890000000009<br /> R10: ffff888127cb3800 R11: 0000000000000000 R12: ffff888106209780<br /> R13: ffff888106209750 R14: ffff888100f20660 R15: 0000000000000000<br /> FS: 00007f8be353b740(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007f8bd5b117c0 CR3: 000000012cd8a004 CR4: 0000000000370ea0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> <br /> ib_uverbs_close+0x1a/0x90 [ib_uverbs]<br /> __fput+0x82/0x230<br /> task_work_run+0x59/0x90<br /> exit_to_user_mode_prepare+0x138/0x140<br /> syscall_exit_to_user_mode+0x1d/0x50<br /> ? __x64_sys_close+0xe/0x40<br /> do_syscall_64+0x4a/0x90<br /> entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> RIP: 0033:0x7f8be3ae0abb<br /> Code: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 83 43 f9 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 c1 43 f9 ff 8b 44<br /> RSP: 002b:00007ffdb51909c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003<br /> RAX: 0000000000000000 RBX: 0000557bb7f7c020 RCX: 00007f8be3ae0abb<br /> RDX: 0000557bb7c74010 RSI: 0000557bb7f14ca0 RDI: 0000000000000005<br /> RBP: 0000557bb7fbd598 R08: 0000000000000000 R09: 0000000000000000<br /> R10: 0000000000000000 R11: 0000000000000293 R12: 0000557bb7fbd5b8<br /> R13: 0000557bb7fbd5a8 R14: 0000000000001000 R15: 0000557bb7f7c020<br />