CVE-2022-50712

Summary

In the Linux kernel, the following vulnerability has been resolved:

devlink: hold region lock when flushing snapshots

Netdevsim triggers a splat on reload, when it destroys regions with snapshots pending:

WARNING: CPU: 1 PID: 787 at net/core/devlink.c:6291 devlink_region_snapshot_del+0x12e/0x140 CPU: 1 PID: 787 Comm: devlink Not tainted 6.1.0-07460-g7ae9888d6e1c #580 RIP: 0010:devlink_region_snapshot_del+0x12e/0x140 Call Trace: <TASK> devl_region_destroy+0x70/0x140 nsim_dev_reload_down+0x2f/0x60 [netdevsim] devlink_reload+0x1f7/0x360 devlink_nl_cmd_reload+0x6ce/0x860 genl_family_rcv_msg_doit.isra.0+0x145/0x1c0

This is the locking assert in devlink_region_snapshot_del(), we're supposed to be holding the region->snapshot_lock here.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2dec18ad826f52658f7781ee995d236cc449b678 < 49383d4e59bb704341aaa1d51440ccce58270e61affected
LinuxLinux2dec18ad826f52658f7781ee995d236cc449b678 < 6298cab4d80bfdb6fe01fe31fd9f0ba26317fdaeaffected
LinuxLinux2dec18ad826f52658f7781ee995d236cc449b678 < b4cafb3d2c740f8d1b1234b43ac4a60e5291c960affected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References