CVE-2022-48976

Source
https://cve.org/CVERecord?id=CVE-2022-48976
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48976.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48976
Published
2024-10-21T20:05:55.739Z
Modified
2026-03-20T12:22:04.303122Z
Summary
netfilter: flowtable_offload: fix using __this_cpu_add in preemptible
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable_offload: fix using __this_cpu_add in preemptible

flow_offload_queue_work() can be called in workqueue without bh disabled, like the call trace showed in my act_ct testing, calling NF_FLOW_TABLE_STAT_INC() there would cause a call trace:

  BUG: using __this_cpu_add() in preemptible [00000000] code: kworker/u4:0/138560
  caller is flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]
  Workqueue: act_ct_workqueue tcf_ct_flow_table_cleanup_work [act_ct]
  Call Trace:
   <TASK>
   dump_stack_lvl+0x33/0x46
   check_preemption_disabled+0xc3/0xf0
   flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]
   nf_flow_table_iterate+0x138/0x170 [nf_flow_table]
   nf_flow_table_free+0x140/0x1a0 [nf_flow_table]
   tcf_ct_flow_table_cleanup_work+0x2f/0x2b0 [act_ct]
   process_one_work+0x6a3/0x1030
   worker_thread+0x8a/0xdf0

This patch fixes it by using NF_FLOW_TABLE_STAT_INC_ATOMIC() instead in flow_offload_queue_work().

Note that for FLOW_CLS_REPLACE branch in flow_offload_queue_work(), it may not be called in preemptible path, but it's good to use NF_FLOW_TABLE_STAT_INC_ATOMIC() for all cases in flow_offload_queue_work().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48976.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b038177636f83bbf87c2b238706474145dd2cd04
Fixed
a220a11fda012fba506b35929672374c2723ae6d
Fixed
a81047154e7ce4eb8769d5d21adcbc9693542a79
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5345d78ae64d5a760c211cd2da995dc71c5b29e4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48976.json"