RDMA/srpt: Do not register event handler until srpt device is fully setup (!4083) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Kamal Heib requested to merge kheib/centos-stream-9:RHEL-33226 into main Apr 18, 2024

JIRA: https://issues.redhat.com/browse/RHEL-33226

CVE: CVE-2024-26872

commit c21a8870c98611e8f892511825c9607f1e2cd456
Author: William Kucharski william.kucharski@oracle.com
Date: Fri Feb 2 02:15:49 2024 -0700

RDMA/srpt: Do not register event handler until srpt device is fully setup  

Upon rare occasions, KASAN reports a use-after-free Write  
in srpt_refresh_port().  

This seems to be because an event handler is registered before the  
srpt device is fully setup and a race condition upon error may leave a  
partially setup event handler in place.  

Instead, only register the event handler after srpt device initialization  
is complete.  

Fixes: a42d985bd5b2 ("ib_srpt: Initial SRP Target merge for v3.3-rc1")  
Signed-off-by: William Kucharski <william.kucharski@oracle.com>  
Link: https://lore.kernel.org/r/20240202091549.991784-2-william.kucharski@oracle.com  
Reviewed-by: Bart Van Assche <bvanassche@acm.org>  
Signed-off-by: Leon Romanovsky <leon@kernel.org>

Signed-off-by: Kamal Heib kheib@redhat.com

Edited Apr 24, 2024 by Kamal Heib

RDMA/srpt: Do not register event handler until srpt device is fully setup

Merge request reports