CVE-2024-50095

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mad: Improve handling of timed out WRs of mad agent

Current timeout handler of mad agent acquires/releases madagentpriv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be handled inside timeout handler.

This leads to softlockup with below trace in some use cases where rdma-cm path is used to establish connection between peer nodes

Trace:

BUG: soft lockup - CPU#4 stuck for 26s! [kworker/u128:3:19767] CPU: 4 PID: 19767 Comm: kworker/u128:3 Kdump: loaded Tainted: G OE ------- --- 5.14.0-427.13.1.el94.x8664 #1 Hardware name: Dell Inc. PowerEdge R740/01YM03, BIOS 2.4.8 11/26/2019 Workqueue: ibmad1 timeoutsends [ibcore] RIP: 0010:dosoftirq+0x78/0x2ac RSP: 0018:ffffb253449e4f98 EFLAGS: 00000246 RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 000000000000001f RDX: 000000000000001d RSI: 000000003d1879ab RDI: fff363b66fd3a86b RBP: ffffb253604cbcd8 R08: 0000009065635f3b R09: 0000000000000000 R10: 0000000000000040 R11: ffffb253449e4ff8 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000040 FS: 0000000000000000(0000) GS:ffff8caa1fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd9ec9db900 CR3: 0000000891934006 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? showtraceloglvl+0x1c4/0x2df ? showtraceloglvl+0x1c4/0x2df ? _irqexitrcu+0xa1/0xc0 ? watchdogtimerfn+0x1b2/0x210 ? _pfxwatchdogtimerfn+0x10/0x10 ? _hrtimerrunqueues+0x127/0x2c0 ? hrtimerinterrupt+0xfc/0x210 ? _sysvecapictimerinterrupt+0x5c/0x110 ? sysvecapictimerinterrupt+0x37/0x90 ? asmsysvecapictimerinterrupt+0x16/0x20 ? _dosoftirq+0x78/0x2ac ? _dosoftirq+0x60/0x2ac _irqexitrcu+0xa1/0xc0 sysveccallfunctionsingle+0x72/0x90 </IRQ> <TASK> asmsysveccallfunctionsingle+0x16/0x20 RIP: 0010:rawspinunlockirq+0x14/0x30 RSP: 0018:ffffb253604cbd88 EFLAGS: 00000247 RAX: 000000000001960d RBX: 0000000000000002 RCX: ffff8cad2a064800 RDX: 000000008020001b RSI: 0000000000000001 RDI: ffff8cad5d39f66c RBP: ffff8cad5d39f600 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8caa443e0c00 R11: ffffb253604cbcd8 R12: ffff8cacb8682538 R13: 0000000000000005 R14: ffffb253604cbd90 R15: ffff8cad5d39f66c cmprocesssenderror+0x122/0x1d0 [ibcm] timeoutsends+0x1dd/0x270 [ibcore] processonework+0x1e2/0x3b0 ? _pfxworkerthread+0x10/0x10 workerthread+0x50/0x3a0 ? _pfxworkerthread+0x10/0x10 kthread+0xdd/0x100 ? _pfxkthread+0x10/0x10 retfrom_fork+0x29/0x50 </TASK>

Simplified timeout handler by creating local list of timed out WRs and invoke send handler post creating the list. The new method acquires/ releases lock once to fetch the list and hence helps to reduce locking contetiong when processing higher no. of WRs