Oracle Linux: (CVE-2024-35960) (Multiple Advisories): kernel security and bug fix update

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Properly link new fs rules into the tree

Previously, add_rule_fg would only add newly created rules from the

handle into the tree when they had a refcount of 1. On the other hand,

create_flow_handle tries hard to find and reference already existing

identical rules instead of creating new ones.

These two behaviors can result in a situation where create_flow_handle

1) creates a new rule and references it, then

2) in a subsequent step during the same handle creation references it

again,

resulting in a rule with a refcount of 2 that is not linked into the

tree, will have a NULL parent and root and will result in a crash when

the flow group is deleted because del_sw_hw_rule, invoked on rule

deletion, assumes node->parent is != NULL.

This happened in the wild, due to another bug related to incorrect

handling of duplicate pkt_reformat ids, which lead to the code in

create_flow_handle incorrectly referencing a just-added rule in the same

flow handle, resulting in the problem described above. Full details are

at [1].

This patch changes add_rule_fg to add new rules without parents into

the tree, properly initializing them and avoiding the crash. This makes

it more consistent with how rules are added to an FTE in

create_flow_handle.