DEBIAN-CVE-2022-50679

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reproduction: while : do for ((i=0; i<=8160; i=i+32)) do ethtool -G enp130s0f0 rx $i tx $i sleep 0.5 ethtool -g enp130s0f0 done done This resulted in crash: i40e 0000:01:00.1: Unable to allocate memory for the Rx descriptor ring, size=65536 Driver BUG WARNING: CPU: 0 PID: 4300 at net/core/xdp.c:141 xdprxqinfounreg+0x43/0x50 Call Trace: i40efreerxresources+0x70/0x80 [i40e] i40esetringparam+0x27c/0x800 [i40e] ethnlsetrings+0x1b2/0x290 genlfamilyrcvmsgdoit.isra.15+0x10f/0x150 genlfamilyrcvmsg+0xb3/0x160 ? ringsfillreply+0x1a0/0x1a0 genlrcvmsg+0x47/0x90 ? genlfamilyrcvmsg+0x160/0x160 netlinkrcvskb+0x4c/0x120 genlrcv+0x24/0x40 netlinkunicast+0x196/0x230 netlinksendmsg+0x204/0x3d0 socksendmsg+0x4c/0x50 _syssendto+0xee/0x160 ? handlemmfault+0xbe/0x1e0 ? syscalltraceenter+0x1d3/0x2c0 _x64syssendto+0x24/0x30 dosyscall64+0x5b/0x1a0 entrySYSCALL64afterhwframe+0x65/0xca RIP: 0033:0x7f5eac8b035b Missing register, driver bug WARNING: CPU: 0 PID: 4300 at net/core/xdp.c:119 xdprxqinfounregmemmodel+0x69/0x140 Call Trace: xdprxqinfounreg+0x1e/0x50 i40efreerxresources+0x70/0x80 [i40e] i40esetringparam+0x27c/0x800 [i40e] ethnlsetrings+0x1b2/0x290 genlfamilyrcvmsgdoit.isra.15+0x10f/0x150 genlfamilyrcvmsg+0xb3/0x160 ? ringsfillreply+0x1a0/0x1a0 genlrcvmsg+0x47/0x90 ? genlfamilyrcvmsg+0x160/0x160 netlinkrcvskb+0x4c/0x120 genlrcv+0x24/0x40 netlinkunicast+0x196/0x230 netlinksendmsg+0x204/0x3d0 socksendmsg+0x4c/0x50 _syssendto+0xee/0x160 ? handlemmfault+0xbe/0x1e0 ? syscalltraceenter+0x1d3/0x2c0 _x64syssendto+0x24/0x30 dosyscall64+0x5b/0x1a0 entrySYSCALL64afterhwframe+0x65/0xca RIP: 0033:0x7f5eac8b035b This was caused because of new buffers with different RX ring count should substitute older ones, but those buffers were freed in i40econfigurerxring and reallocated again with i40eallocrxbi, thus kfree on rxbi caused leak of already mapped DMA. Fix this by reallocating ZC with rxbizc struct when BPF program loads. Additionally reallocate back to rxbi when BPF program unloads. If BPF program is loaded/unloaded and XSK pools are created, reallocate RX queues accordingly in XSPSETUPXSKPOOL handler.