CVE-2023-54291

In the Linux kernel, the following vulnerability has been resolved:

vduse: fix NULL pointer dereference

vdusevdpasetvqaffinity callback can be called with NULL value as cpu_mask when deleting the vduse device.

This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of dereferencing NULL cpu_mask.

[ 4760.952149] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 4760.959110] #PF: supervisor read access in kernel mode [ 4760.964247] #PF: errorcode(0x0000) - not-present page [ 4760.969385] PGD 0 P4D 0 [ 4760.971927] Oops: 0000 [#1] PREEMPT SMP PTI [ 4760.976112] CPU: 13 PID: 2346 Comm: vdpa Not tainted 6.4.0-rc6+ #4 [ 4760.982291] Hardware name: Dell Inc. PowerEdge R640/0W23H8, BIOS 2.8.1 06/26/2020 [ 4760.989769] RIP: 0010:memcpyorig+0xc5/0x130 [ 4760.994049] Code: 16 f8 4c 89 07 4c 89 4f 08 4c 89 54 17 f0 4c 89 5c 17 f8 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 fa 08 72 1b <4c> 8b 06 4c 8b 4c 16 f8 4c 89 07 4c 89 4c 17 f8 c3 cc cc cc cc 66 [ 4761.012793] RSP: 0018:ffffb1d565abb830 EFLAGS: 00010246 [ 4761.018020] RAX: ffff9f4bf6b27898 RBX: ffff9f4be23969c0 RCX: ffff9f4bcadf6400 [ 4761.025152] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff9f4bf6b27898 [ 4761.032286] RBP: 0000000000000000 R08: 0000000000000008 R09: 0000000000000000 [ 4761.039416] R10: 0000000000000000 R11: 0000000000000600 R12: 0000000000000000 [ 4761.046549] R13: 0000000000000000 R14: 0000000000000080 R15: ffffb1d565abbb10 [ 4761.053680] FS: 00007f64c2ec2740(0000) GS:ffff9f635f980000(0000) knlGS:0000000000000000 [ 4761.061765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4761.067513] CR2: 0000000000000000 CR3: 0000001875270006 CR4: 00000000007706e0 [ 4761.074645] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4761.081775] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4761.088909] PKRU: 55555554 [ 4761.091620] Call Trace: [ 4761.094074] <TASK> [ 4761.096180] ? __die+0x1f/0x70 [ 4761.099238] ? pagefaultoops+0x171/0x4f0 [ 4761.103340] ? exc_pagefault+0x7b/0x180 [ 4761.107265] ? asmexcpagefault+0x22/0x30 [ 4761.111460] ? memcpyorig+0xc5/0x130 [ 4761.115126] vdusevdpasetvqaffinity+0x3e/0x50 [vduse] [ 4761.120533] virtnetcleanaffinity.part.0+0x3d/0x90 [virtionet] [ 4761.126635] removevqcommon+0x1a4/0x250 [virtionet] [ 4761.131781] virtnetremove+0x5d/0x70 [virtionet] [ 4761.136580] virtiodevremove+0x3a/0x90 [ 4761.140509] devicereleasedriverinternal+0x19b/0x200 [ 4761.145742] busremovedevice+0xc2/0x130 [ 4761.149755] devicedel+0x158/0x3e0 [ 4761.153245] ? kernfsfindns+0x35/0xc0 [ 4761.157086] deviceunregister+0x13/0x60 [ 4761.161010] unregistervirtiodevice+0x11/0x20 [ 4761.165543] devicereleasedriverinternal+0x19b/0x200 [ 4761.170770] busremovedevice+0xc2/0x130 [ 4761.174782] devicedel+0x158/0x3e0 [ 4761.178276] ? __pfxvdpanamematch+0x10/0x10 [vdpa] [ 4761.183336] deviceunregister+0x13/0x60 [ 4761.187260] vdpanlcmddevdelsetdoit+0x63/0xe0 [vdpa]