CVE-2024-38556 kernel: net/mlx5: Add a timeout to acquire the command queue semaphore

JIRA: https://issues.redhat.com/browse/RHEL-44225
CVE: CVE-2024-38556

commit 485d65e1357123a697c591a5aeb773994b247ad7
Author: Akiva Goldberger <agoldberger@nvidia.com>
Date:   Thu May 9 14:29:50 2024 +0300

    net/mlx5: Add a timeout to acquire the command queue semaphore

    Prevent forced completion handling on an entry that has not yet been
    assigned an index, causing an out of bounds access on idx = -22.
    Instead of waiting indefinitely for the sem, blocking flow now waits for
    index to be allocated or a sem acquisition timeout before beginning the
    timer for FW completion.

    Kernel log example:
    mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion

    Fixes: 8e715cd613a1 ("net/mlx5: Set command entry semaphore up once got index free")
    Signed-off-by: Akiva Goldberger <agoldberger@nvidia.com>
    Reviewed-by: Moshe Shemesh <moshe@nvidia.com>
    Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
    Link: https://lore.kernel.org/r/20240509112951.590184-5-tariqt@nvidia.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Signed-off-by: Benjamin Poirier <bpoirier@redhat.com>
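
A log check for the symptom shown in the commit message's kernel log example, added here as an illustration (not code from the kernel or from this merge request): it parses mlx5_core command messages and reports those whose command index is negative. Only the first sample line comes from the page; the other sample lines, the function names and the negative-index rule are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Layout taken from the kernel log example in the commit message:
# mlx5_core <pci addr>: <function>:<line>:(pid <pid>): cmd[<idx>]: <OP>(<opcode>) <message>
LINE_RE = re.compile(
    r"mlx5_core (?P<dev>[0-9a-fA-F:.]+): "
    r"(?P<func>\w+):(?P<line>\d+):\(pid (?P<pid>\d+)\): "
    r"cmd\[(?P<idx>-?\d+)\]: (?P<op>\w+)\((?P<opcode>0x[0-9a-fA-F]+)\) "
    r"(?P<msg>.*)$"
)

class CmdEvent(NamedTuple):
    dev: str      # PCI address of the device
    func: str     # driver function that emitted the message
    pid: int
    idx: int      # command queue entry index printed as cmd[idx]
    op: str       # command name, e.g. CREATE_UCTX
    opcode: int
    msg: str

def parse_line(line: str) -> Optional[CmdEvent]:
    """Parse one log line; return None if it is not an mlx5 command message."""
    m = LINE_RE.search(line)  # search() tolerates a dmesg timestamp prefix
    if m is None:
        return None
    return CmdEvent(m["dev"], m["func"], int(m["pid"]), int(m["idx"]),
                    m["op"], int(m["opcode"], 16), m["msg"].strip())

def unassigned_index_events(lines: List[str]) -> List[CmdEvent]:
    """Return command messages whose index is negative (assumed rule: an errno
    value such as -22 in cmd[...] means the entry never got a real index)."""
    events = (parse_line(line) for line in lines)
    return [ev for ev in events if ev is not None and ev.idx < 0]

SAMPLE_LOG = [
    # From the commit message:
    "mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): "
    "cmd[-22]: CREATE_UCTX(0xa04) No done completion",
    # Constructed: a timeout on an entry that does have a valid index.
    "[ 1042.118] mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:"
    "(pid 2201): cmd[3]: QUERY_HCA_CAP(0x100) No done completion",
    # Constructed: an unrelated line that must be ignored.
    "[ 1042.300] usb 1-1: unrelated message",
]

if __name__ == "__main__":
    for ev in unassigned_index_events(SAMPLE_LOG):
        print(f"{ev.dev} pid={ev.pid} {ev.op}({ev.opcode:#x}) cmd[{ev.idx}]: {ev.msg}")
```
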
