CVE-2024-26740

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/04/2024
Last modified:
17/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_mirred: use the backlog for mirred ingress

The test Davide added in commit ca22da2fbd69 ("act_mirred: use the backlog for nested calls to mirred ingress") hangs our testing VMs every 10 or so runs, with the familiar tcp_v4_rcv -> tcp_v4_rcv deadlock reported by lockdep.

The problem as previously described by Davide (see Link) is that if we reverse flow of traffic with the redirect (egress -> ingress) we may reach the same socket which generated the packet. And we may still be holding its socket lock. The common solution to such deadlocks is to put the packet in the Rx backlog, rather than run the Rx path inline. Do that for all egress -> ingress reversals, not just once we started to nest mirred calls.

In the past there was a concern that the backlog indirection will lead to loss of error reporting / less accurate stats. But the current workaround does not seem to address the issue.
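The locking pattern described above, as an added userspace model in C (not kernel code and not taken from the fix): the sender holds a socket lock while a redirect turns its packet back toward the same socket, and the Rx step either runs inline or is queued on a backlog. All names (`sock_model`, `rx_path`, `redirect_to_ingress`, `run`) are hypothetical, and a boolean stands in for the real lock so that the would-be deadlock is counted instead of hanging.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: every name here is illustrative, none is a kernel API. */
enum redirect_mode { RX_INLINE, RX_BACKLOG };
struct pkt { struct pkt *next; };
struct sock_model {
    bool locked;        /* stands in for the socket lock */
    int delivered;      /* packets the Rx path processed */
    int would_deadlock; /* Rx attempts made while the lock was already held */
};
static struct pkt *backlog_head, **backlog_tail = &backlog_head;

/* Rx path: must take the socket lock before touching the socket. */
static void rx_path(struct sock_model *sk)
{
    if (sk->locked) { sk->would_deadlock++; return; } /* a real lock would hang here */
    sk->locked = true;
    sk->delivered++;
    sk->locked = false;
}

/* egress -> ingress reversal: run Rx inline, or defer it to the backlog. */
static void redirect_to_ingress(struct sock_model *sk, struct pkt *p, enum redirect_mode m)
{
    if (m == RX_INLINE) { rx_path(sk); return; }
    p->next = NULL;
    *backlog_tail = p;
    backlog_tail = &p->next;
}

/* Sender holds the lock while n packets leave; the backlog runs after release. */
static struct sock_model run(enum redirect_mode m, int n)
{
    struct sock_model sk = { false, 0, 0 };
    struct pkt pkts[8];
    sk.locked = true;
    for (int i = 0; i < n && i < 8; i++)
        redirect_to_ingress(&sk, &pkts[i], m);
    sk.locked = false;
    for (struct pkt *p = backlog_head; p; p = p->next)
        rx_path(&sk);
    backlog_head = NULL;
    backlog_tail = &backlog_head;
    return sk;
}

int main(void)
{
    struct sock_model a = run(RX_INLINE, 3), b = run(RX_BACKLOG, 3);
    printf("inline:  delivered=%d would_deadlock=%d\n", a.delivered, a.would_deadlock);
    printf("backlog: delivered=%d would_deadlock=%d\n", b.delivered, b.would_deadlock);
    return 0;
}
```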

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.10 (including) 6.6.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*