In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow For the case of IBMRTYPEDM the mr does doesn't have a umem, even though it is a user MR. This causes function mlx5freeprivdescs() to think that it is a kernel MR, leading to wrongly accessing mr->descs that will get wrong values in the union which leads to attempt to release resources that were not allocated in the first place. For example: DMA-API: mlx5core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes] WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 checkunmap+0x54f/0x8b0 RIP: 0010:checkunmap+0x54f/0x8b0 Call Trace: debugdmaunmappage+0x57/0x60 mlx5freeprivdescs+0x57/0x70 [mlx5ib] mlx5ibderegmr+0x1fb/0x3d0 [mlx5ib] ibderegmruser+0x60/0x140 [ibcore] uverbsdestroyuobject+0x59/0x210 [ibuverbs] uobjdestroy+0x3f/0x80 [ibuverbs] ibuverbscmdverbs+0x435/0xd10 [ibuverbs] ? uverbsfinalizeobject+0x50/0x50 [ibuverbs] ? lockacquire+0xc4/0x2e0 ? lockacquired+0x12/0x380 ? lockacquire+0xc4/0x2e0 ? lockacquire+0xc4/0x2e0 ? ibuverbsioctl+0x7c/0x140 [ibuverbs] ? lockrelease+0x28a/0x400 ibuverbsioctl+0xc0/0x140 [ibuverbs] ? ibuverbsioctl+0x7c/0x140 [ibuverbs] _x64sysioctl+0x7f/0xb0 dosyscall64+0x38/0x90 Fix it by reorganizing the dereg flow and mlx5ibmr structure: - Move the ibumem field into the user MRs structure in the union as it's applicable only there. - Function mlx5ibderegmr() will now call mlx5freeprivdescs() only in case there isn't udata, which indicates that this isn't a user MR.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "dasd-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-modules-5.4.0-9-snapdragon": "5.4.0-9.12", "linux-image-unsigned-5.4.0-9-snapdragon": "5.4.0-9.12", "kernel-image-5.4.0-9-generic-di": "5.4.0-9.12", "parport-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-headers-5.4.0-9-generic-lpae": "5.4.0-9.12", "md-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "linux-image-unsigned-5.4.0-9-lowlatency-dbgsym": "5.4.0-9.12", "storage-core-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-headers-5.4.0-9": "5.4.0-9.12", "ppp-modules-5.4.0-9-generic-di": "5.4.0-9.12", "plip-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "block-modules-5.4.0-9-generic-di": "5.4.0-9.12", "usb-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "vlan-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-udebs-generic": "5.4.0-9.12", "plip-modules-5.4.0-9-generic-di": "5.4.0-9.12", "nic-usb-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-modules-5.4.0-9-lowlatency": "5.4.0-9.12", "input-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "fs-core-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "ipmi-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "storage-core-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "linux-modules-extra-5.4.0-9-generic": "5.4.0-9.12", "block-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "linux-image-unsigned-5.4.0-9-generic-dbgsym": "5.4.0-9.12", "floppy-modules-5.4.0-9-generic-di": "5.4.0-9.12", "nic-shared-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "crypto-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "kernel-image-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "nic-pcmcia-modules-5.4.0-9-generic-di": "5.4.0-9.12", "virtio-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-image-5.4.0-9-generic-dbgsym": "5.4.0-9.12", "ipmi-modules-5.4.0-9-generic-di": "5.4.0-9.12", "pcmcia-storage-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-modules-5.4.0-9-generic": "5.4.0-9.12", "fb-modules-5.4.0-9-generic-di": "5.4.0-9.12", "nfs-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "linux-buildinfo-5.4.0-9-generic": "5.4.0-9.12", "linux-image-unsigned-5.4.0-9-snapdragon-dbgsym": "5.4.0-9.12", "ppp-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "linux-tools-5.4.0-9-generic": "5.4.0-9.12", "input-modules-5.4.0-9-generic-di": "5.4.0-9.12", "nic-shared-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-image-5.4.0-9-generic-lpae-dbgsym": "5.4.0-9.12", "nfs-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-headers-5.4.0-9-generic": "5.4.0-9.12", "linux-image-unsigned-5.4.0-9-lowlatency": "5.4.0-9.12", "linux-tools-5.4.0-9": "5.4.0-9.12", "crypto-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-headers-5.4.0-9-snapdragon": "5.4.0-9.12", "linux-buildinfo-5.4.0-9-lowlatency": "5.4.0-9.12", "linux-cloud-tools-common": "5.4.0-9.12", "md-modules-5.4.0-9-generic-di": "5.4.0-9.12", "serial-modules-5.4.0-9-generic-di": "5.4.0-9.12", "vlan-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "linux-libc-dev": "5.4.0-9.12", "linux-source-5.4.0": "5.4.0-9.12", "linux-tools-5.4.0-9-lowlatency": "5.4.0-9.12", "nic-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-doc": "5.4.0-9.12", "nic-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "parport-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "fat-modules-5.4.0-9-generic-di": "5.4.0-9.12", "fs-secondary-modules-5.4.0-9-generic-di": "5.4.0-9.12", "message-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-buildinfo-5.4.0-9-generic-lpae": "5.4.0-9.12", "linux-image-unsigned-5.4.0-9-generic": "5.4.0-9.12", "multipath-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "sata-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "pata-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-image-5.4.0-9-generic": "5.4.0-9.12", "linux-tools-5.4.0-9-generic-lpae": "5.4.0-9.12", "linux-cloud-tools-5.4.0-9": "5.4.0-9.12", "mouse-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-tools-5.4.0-9-snapdragon": "5.4.0-9.12", "linux-headers-5.4.0-9-lowlatency": "5.4.0-9.12", "dasd-extra-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-modules-5.4.0-9-generic-lpae": "5.4.0-9.12", "linux-tools-host": "5.4.0-9.12", "linux-cloud-tools-5.4.0-9-lowlatency": "5.4.0-9.12", "linux-buildinfo-5.4.0-9-snapdragon": "5.4.0-9.12", "linux-udebs-generic-lpae": "5.4.0-9.12", "pcmcia-modules-5.4.0-9-generic-di": "5.4.0-9.12", "nic-usb-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "multipath-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-cloud-tools-5.4.0-9-generic": "5.4.0-9.12", "sata-modules-5.4.0-9-generic-di": "5.4.0-9.12", "linux-image-5.4.0-9-generic-lpae": "5.4.0-9.12", "scsi-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "linux-tools-common": "5.4.0-9.12", "mouse-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "fs-secondary-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12", "scsi-modules-5.4.0-9-generic-di": "5.4.0-9.12", "usb-modules-5.4.0-9-generic-di": "5.4.0-9.12", "fs-core-modules-5.4.0-9-generic-di": "5.4.0-9.12", "firewire-core-modules-5.4.0-9-generic-di": "5.4.0-9.12", "fat-modules-5.4.0-9-generic-lpae-di": "5.4.0-9.12" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-aws-cloud-tools-5.4.0-1005": "5.4.0-1005.5", "linux-image-5.4.0-1005-aws-dbgsym": "5.4.0-1005.5", "linux-modules-extra-5.4.0-1005-aws": "5.4.0-1005.5", "linux-headers-5.4.0-1005-aws": "5.4.0-1005.5", "linux-modules-5.4.0-1005-aws": "5.4.0-1005.5", "linux-image-5.4.0-1005-aws": "5.4.0-1005.5", "linux-aws-tools-5.4.0-1005": "5.4.0-1005.5", "linux-tools-5.4.0-1005-aws": "5.4.0-1005.5", "linux-aws-headers-5.4.0-1005": "5.4.0-1005.5", "linux-buildinfo-5.4.0-1005-aws": "5.4.0-1005.5", "linux-cloud-tools-5.4.0-1005-aws": "5.4.0-1005.5" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-azure-headers-5.4.0-1006": "5.4.0-1006.6", "linux-image-unsigned-5.4.0-1006-azure-dbgsym": "5.4.0-1006.6", "linux-cloud-tools-5.4.0-1006-azure": "5.4.0-1006.6", "linux-buildinfo-5.4.0-1006-azure": "5.4.0-1006.6", "linux-headers-5.4.0-1006-azure": "5.4.0-1006.6", "linux-azure-cloud-tools-5.4.0-1006": "5.4.0-1006.6", "linux-modules-extra-5.4.0-1006-azure": "5.4.0-1006.6", "linux-image-unsigned-5.4.0-1006-azure": "5.4.0-1006.6", "linux-azure-tools-5.4.0-1006": "5.4.0-1006.6", "linux-tools-5.4.0-1006-azure": "5.4.0-1006.6", "linux-modules-5.4.0-1006-azure": "5.4.0-1006.6" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-modules-5.4.0-1007-bluefield": "5.4.0-1007.10", "linux-bluefield-tools-5.4.0-1007": "5.4.0-1007.10", "linux-buildinfo-5.4.0-1007-bluefield": "5.4.0-1007.10", "linux-headers-5.4.0-1007-bluefield": "5.4.0-1007.10", "linux-bluefield-headers-5.4.0-1007": "5.4.0-1007.10", "linux-image-unsigned-5.4.0-1007-bluefield": "5.4.0-1007.10", "linux-tools-5.4.0-1007-bluefield": "5.4.0-1007.10" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-buildinfo-5.4.0-1005-gcp": "5.4.0-1005.5", "linux-image-unsigned-5.4.0-1005-gcp": "5.4.0-1005.5", "linux-modules-5.4.0-1005-gcp": "5.4.0-1005.5", "linux-tools-5.4.0-1005-gcp": "5.4.0-1005.5", "linux-modules-extra-5.4.0-1005-gcp": "5.4.0-1005.5", "linux-gcp-headers-5.4.0-1005": "5.4.0-1005.5", "linux-image-unsigned-5.4.0-1005-gcp-dbgsym": "5.4.0-1005.5", "linux-gcp-tools-5.4.0-1005": "5.4.0-1005.5", "linux-headers-5.4.0-1005-gcp": "5.4.0-1005.5" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-gkeop-tools-5.4.0-1008": "5.4.0-1008.9", "linux-cloud-tools-5.4.0-1008-gkeop": "5.4.0-1008.9", "linux-gkeop-source-5.4.0": "5.4.0-1008.9", "linux-headers-5.4.0-1008-gkeop": "5.4.0-1008.9", "linux-image-unsigned-5.4.0-1008-gkeop-dbgsym": "5.4.0-1008.9", "linux-modules-extra-5.4.0-1008-gkeop": "5.4.0-1008.9", "linux-image-unsigned-5.4.0-1008-gkeop": "5.4.0-1008.9", "linux-gkeop-headers-5.4.0-1008": "5.4.0-1008.9", "linux-gkeop-cloud-tools-5.4.0-1008": "5.4.0-1008.9", "linux-modules-5.4.0-1008-gkeop": "5.4.0-1008.9", "linux-tools-5.4.0-1008-gkeop": "5.4.0-1008.9", "linux-buildinfo-5.4.0-1008-gkeop": "5.4.0-1008.9" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-ibm-cloud-tools-common": "5.4.0-1003.4", "linux-ibm-tools-common": "5.4.0-1003.4", "linux-ibm-headers-5.4.0-1003": "5.4.0-1003.4", "linux-ibm-tools-5.4.0-1003": "5.4.0-1003.4", "linux-image-unsigned-5.4.0-1003-ibm": "5.4.0-1003.4", "linux-tools-5.4.0-1003-ibm": "5.4.0-1003.4", "linux-modules-5.4.0-1003-ibm": "5.4.0-1003.4", "linux-headers-5.4.0-1003-ibm": "5.4.0-1003.4", "linux-ibm-source-5.4.0": "5.4.0-1003.4", "linux-image-unsigned-5.4.0-1003-ibm-dbgsym": "5.4.0-1003.4", "linux-modules-extra-5.4.0-1003-ibm": "5.4.0-1003.4", "linux-buildinfo-5.4.0-1003-ibm": "5.4.0-1003.4" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-modules-5.4.0-1001-iot": "5.4.0-1001.3", "linux-iot-tools-5.4.0-1001": "5.4.0-1001.3", "linux-iot-headers-5.4.0-1001": "5.4.0-1001.3", "linux-iot-tools-common": "5.4.0-1001.3", "linux-tools-5.4.0-1001-iot": "5.4.0-1001.3", "linux-buildinfo-5.4.0-1001-iot": "5.4.0-1001.3", "linux-image-unsigned-5.4.0-1001-iot": "5.4.0-1001.3", "linux-headers-5.4.0-1001-iot": "5.4.0-1001.3", "linux-image-unsigned-5.4.0-1001-iot-dbgsym": "5.4.0-1001.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-image-5.4.0-1004-kvm": "5.4.0-1004.4", "linux-buildinfo-5.4.0-1004-kvm": "5.4.0-1004.4", "linux-headers-5.4.0-1004-kvm": "5.4.0-1004.4", "linux-image-5.4.0-1004-kvm-dbgsym": "5.4.0-1004.4", "linux-kvm-tools-5.4.0-1004": "5.4.0-1004.4", "linux-kvm-headers-5.4.0-1004": "5.4.0-1004.4", "linux-tools-5.4.0-1004-kvm": "5.4.0-1004.4", "linux-modules-5.4.0-1004-kvm": "5.4.0-1004.4" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-buildinfo-5.4.0-1005-oracle": "5.4.0-1005.5", "linux-headers-5.4.0-1005-oracle": "5.4.0-1005.5", "linux-image-unsigned-5.4.0-1005-oracle-dbgsym": "5.4.0-1005.5", "linux-oracle-tools-5.4.0-1005": "5.4.0-1005.5", "linux-modules-extra-5.4.0-1005-oracle": "5.4.0-1005.5", "linux-oracle-headers-5.4.0-1005": "5.4.0-1005.5", "linux-modules-5.4.0-1005-oracle": "5.4.0-1005.5", "linux-tools-5.4.0-1005-oracle": "5.4.0-1005.5", "linux-image-unsigned-5.4.0-1005-oracle": "5.4.0-1005.5" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-buildinfo-5.4.0-1007-raspi": "5.4.0-1007.7", "linux-headers-5.4.0-1007-raspi": "5.4.0-1007.7", "linux-raspi-headers-5.4.0-1007": "5.4.0-1007.7", "linux-tools-5.4.0-1007-raspi": "5.4.0-1007.7", "linux-image-5.4.0-1007-raspi": "5.4.0-1007.7", "linux-modules-5.4.0-1007-raspi": "5.4.0-1007.7", "linux-image-5.4.0-1007-raspi-dbgsym": "5.4.0-1007.7", "linux-raspi-tools-5.4.0-1007": "5.4.0-1007.7" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-modules-5.4.0-1020-xilinx-zynqmp": "5.4.0-1020.24", "linux-image-5.4.0-1020-xilinx-zynqmp": "5.4.0-1020.24", "linux-xilinx-zynqmp-headers-5.4.0-1020": "5.4.0-1020.24", "linux-xilinx-zynqmp-tools-5.4.0-1020": "5.4.0-1020.24", "linux-image-5.4.0-1020-xilinx-zynqmp-dbgsym": "5.4.0-1020.24", "linux-tools-5.4.0-1020-xilinx-zynqmp": "5.4.0-1020.24", "linux-buildinfo-5.4.0-1020-xilinx-zynqmp": "5.4.0-1020.24", "linux-headers-5.4.0-1020-xilinx-zynqmp": "5.4.0-1020.24" } ] }