CVE-2022-50671: RDMA/rxe: Fix "kernel NULL pointer dereference" error

[Greg Kroah-Hartman <gregkh@linuxfoundation.org>]

From: Greg Kroah-Hartman <gregkh@kernel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix "kernel NULL pointer dereference" error

When rxe_queue_init in the function rxe_qp_init_req fails,
both qp->req.task.func and qp->req.task.arg are not initialized.

Because of creation of qp fails, the function rxe_create_qp will
call rxe_qp_do_cleanup to handle allocated resource.

Before calling __rxe_do_task, both qp->req.task.func and
qp->req.task.arg should be checked.

The Linux kernel CVE team has assigned CVE-2022-50671 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 4.9.331 with commit 48cd7098e71735ccafa0b3cf27c53924f9cb5b2f
	Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 4.14.296 with commit eca119693010032d6cc6e7e9b4fb2c363c7e12ce
	Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 4.19.262 with commit 9c5dd6993c794703e74c6ba17ac78ca0211ef940
	Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.4.220 with commit 0d773c58d702f0a7c16ee8d69617fd2c28350795
	Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.10.150 with commit cdce36a88def550773142a34ef727a830cad96a8
	Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.15.75 with commit f2f405af70e6f0419e718d23fa304798a5405c41
	Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.19.17 with commit bb33fa65da77f5f02dbee6f25cebaeedfcd70028
	Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 6.0.3 with commit 3b8752f086eb6865cc3662ad13249b03024501e5
	Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 6.1 with commit a625ca30eff806395175ebad3ac1399014bdb280

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-50671
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/infiniband/sw/rxe/rxe_qp.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/48cd7098e71735ccafa0b3cf27c53924f9cb5b2f
	https://git.kernel.org/stable/c/eca119693010032d6cc6e7e9b4fb2c363c7e12ce
	https://git.kernel.org/stable/c/9c5dd6993c794703e74c6ba17ac78ca0211ef940
	https://git.kernel.org/stable/c/0d773c58d702f0a7c16ee8d69617fd2c28350795
	https://git.kernel.org/stable/c/cdce36a88def550773142a34ef727a830cad96a8
	https://git.kernel.org/stable/c/f2f405af70e6f0419e718d23fa304798a5405c41
	https://git.kernel.org/stable/c/bb33fa65da77f5f02dbee6f25cebaeedfcd70028
	https://git.kernel.org/stable/c/3b8752f086eb6865cc3662ad13249b03024501e5
	https://git.kernel.org/stable/c/a625ca30eff806395175ebad3ac1399014bdb280