CVE-2022-50476

In the Linux kernel, the following vulnerability has been resolved:

ntbnetdev: Use devkfreeskbany() in interrupt context

TX/RX callback handlers (ntbnetdevtxhandler(), ntbnetdevrxhandler()) can be called in interrupt context via the DMA framework when the respective DMA operations have completed. As such, any calls by these routines to free skb's, should use the interrupt context safe devkfreeskb_any() function.

Previously, these callback handlers would call the interrupt unsafe version of devkfreeskb(). This has not presented an issue on Intel IOAT DMA engines as that driver utilizes tasklets rather than a hard interrupt handler, like the AMD PTDMA DMA driver. On AMD systems, a kernel WARNING message is encountered, which is being issued from skbreleaseheadstate() due to inhardirq() being true.

Besides the user visible WARNING from the kernel, the other symptom of this bug was that TCP/IP performance across the ntbnetdev interface was very poor, i.e. approximately an order of magnitude below what was expected. With the repair to use devkfreeskbany(), kernel WARNINGs from skbreleasehead_state() ceased and TCP/IP performance, as measured by iperf, was on par with expected results, approximately 20 Gb/s on AMD Milan based server. Note that this performance is comparable with Intel based servers.