CVE-2022-50129

In the Linux kernel, the following vulnerability has been resolved:

RDMA/srpt: Fix a use-after-free

Change the LIO port members inside struct srptport from regular members into pointers. Allocate the LIO port data structures from inside srptmaketport() and free these from inside srptmaketport(). Keep struct srptdevice as long as either an RDMA port or a LIO target port is associated with it. This patch decouples the lifetime of struct srptport (controlled by the RDMA core) and struct srptport_id (controlled by LIO). This patch fixes the following KASAN complaint:

BUG: KASAN: use-after-free in srptenabletpg+0x31/0x70 [ib_srpt] Read of size 8 at addr ffff888141cc34b8 by task check/5093

Call Trace: <TASK> showstack+0x4e/0x53 dumpstacklvl+0x51/0x66 printaddressdescription.constprop.0.cold+0xea/0x41e printreport.cold+0x90/0x205 kasan_report+0xb9/0xf0 __asanload8+0x69/0x90 srptenabletpg+0x31/0x70 [ibsrpt] targetfabrictpgbaseenablestore+0xe2/0x140 [targetcoremod] configfswriteiter+0x18b/0x210 newsyncwrite+0x1f2/0x2f0 vfswrite+0x3e3/0x540 ksys_write+0xbb/0x140 __x64syswrite+0x42/0x50 dosyscall64+0x34/0x80 entrySYSCALL64afterhwframe+0x46/0xb0 </TASK>