The following commit is needed to fix CVE-2022-3108:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abfaf0eee97925905e742aa3b0b72e04a918fa9e
Jiasheng Jiang (1):
drm/amdkfd: Check for null pointer after calling kmemdup
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++
1 file changed, 3 insertions(+)
base-commit: c652c812211c7a427d16be1d3f904eb02eb4265f
--
2.38.1
From: Jiasheng Jiang <[email protected]>
[ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
As the possible failure of the allocation, kmemdup() may return NULL
pointer.
Therefore, it should be better to check the 'props2' in order to prevent
the dereference of NULL pointer.
Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs")
Signed-off-by: Jiasheng Jiang <[email protected]>
Reviewed-by: Felix Kuehling <[email protected]>
Signed-off-by: Felix Kuehling <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Dragos-Marian Panait <[email protected]>
---
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_crat.c b/drivers/gpu/drm/amd/amdkfd/kfd_crat.c
index e2780643f4c3..b05ca3e639b1 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_crat.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_crat.c
@@ -397,6 +397,9 @@ static int kfd_parse_subtype_iolink(struct crat_subtype_iolink *iolink,
return -ENODEV;
/* same everything but the other direction */
props2 = kmemdup(props, sizeof(*props2), GFP_KERNEL);
+ if (!props2)
+ return -ENOMEM;
+
props2->node_from = id_to;
props2->node_to = id_from;
props2->kobj = NULL;
--
2.38.1
On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
> From: Jiasheng Jiang <[email protected]>
>
> [ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
>
> As the possible failure of the allocation, kmemdup() may return NULL
> pointer.
> Therefore, it should be better to check the 'props2' in order to prevent
> the dereference of NULL pointer.
>
> Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs")
> Signed-off-by: Jiasheng Jiang <[email protected]>
> Reviewed-by: Felix Kuehling <[email protected]>
> Signed-off-by: Felix Kuehling <[email protected]>
> Signed-off-by: Alex Deucher <[email protected]>
> Signed-off-by: Dragos-Marian Panait <[email protected]>
> ---
> drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++
> 1 file changed, 3 insertions(+)
For obvious reasons, I can't take a patch for 4.19.y and not newer
kernel releases, right?
Please provide backports for all kernels if you really need to see this
merged. And note, it's not a real bug at all, and given that a CVE was
allocated for it that makes me want to even more reject it to show the
whole folly of that mess.
thanks,
greg k-h
On Tue, Jan 03, 2023 at 08:43:07PM +0200, Dragos-Marian Panait wrote:
> The following commit is needed to fix CVE-2022-3108:
That's a funny cve, given that you can not ever trigger it in a system,
right? Why was a CVE allocated for that?
{sigh}
Am 04.01.23 um 13:41 schrieb Greg KH:
> On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
>> From: Jiasheng Jiang <[email protected]>
>>
>> [ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
>>
>> As the possible failure of the allocation, kmemdup() may return NULL
>> pointer.
>> Therefore, it should be better to check the 'props2' in order to prevent
>> the dereference of NULL pointer.
>>
>> Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs")
>> Signed-off-by: Jiasheng Jiang <[email protected]>
>> Reviewed-by: Felix Kuehling <[email protected]>
>> Signed-off-by: Felix Kuehling <[email protected]>
>> Signed-off-by: Alex Deucher <[email protected]>
>> Signed-off-by: Dragos-Marian Panait <[email protected]>
>> ---
>> drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++
>> 1 file changed, 3 insertions(+)
> For obvious reasons, I can't take a patch for 4.19.y and not newer
> kernel releases, right?
>
> Please provide backports for all kernels if you really need to see this
> merged. And note, it's not a real bug at all, and given that a CVE was
> allocated for it that makes me want to even more reject it to show the
> whole folly of that mess.
Well as far as I can see this is nonsense to back port.
The code in question is only used only once during driver load and then
never again, that exactly this allocation fails while tons of other are
made before and after is extremely unlikely.
It's nice to have it fixed in newer kernels, but not worth a backport
and certainly not stuff for a CVE.
Regards,
Christian.
>
> thanks,
>
> greg k-h
On Wed, Jan 4, 2023 at 8:23 AM Christian König <[email protected]> wrote:
>
> Am 04.01.23 um 13:41 schrieb Greg KH:
> > On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
> >> From: Jiasheng Jiang <[email protected]>
> >>
> >> [ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
> >>
> >> As the possible failure of the allocation, kmemdup() may return NULL
> >> pointer.
> >> Therefore, it should be better to check the 'props2' in order to prevent
> >> the dereference of NULL pointer.
> >>
> >> Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs")
> >> Signed-off-by: Jiasheng Jiang <[email protected]>
> >> Reviewed-by: Felix Kuehling <[email protected]>
> >> Signed-off-by: Felix Kuehling <[email protected]>
> >> Signed-off-by: Alex Deucher <[email protected]>
> >> Signed-off-by: Dragos-Marian Panait <[email protected]>
> >> ---
> >> drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> > For obvious reasons, I can't take a patch for 4.19.y and not newer
> > kernel releases, right?
> >
> > Please provide backports for all kernels if you really need to see this
> > merged. And note, it's not a real bug at all, and given that a CVE was
> > allocated for it that makes me want to even more reject it to show the
> > whole folly of that mess.
>
> Well as far as I can see this is nonsense to back port.
>
> The code in question is only used only once during driver load and then
> never again, that exactly this allocation fails while tons of other are
> made before and after is extremely unlikely.
>
> It's nice to have it fixed in newer kernels, but not worth a backport
> and certainly not stuff for a CVE.
It's already fixed in Linus' tree:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abfaf0eee97925905e742aa3b0b72e04a918fa9e
Alex
>
> Regards,
> Christian.
>
>
> >
> > thanks,
> >
> > greg k-h
>
On Wed, Jan 04, 2023 at 09:35:03AM -0500, Alex Deucher wrote:
> On Wed, Jan 4, 2023 at 8:23 AM Christian K?nig <[email protected]> wrote:
> >
> > Am 04.01.23 um 13:41 schrieb Greg KH:
> > > On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
> > >> From: Jiasheng Jiang <[email protected]>
> > >>
> > >> [ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
> > >>
> > >> As the possible failure of the allocation, kmemdup() may return NULL
> > >> pointer.
> > >> Therefore, it should be better to check the 'props2' in order to prevent
> > >> the dereference of NULL pointer.
> > >>
> > >> Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs")
> > >> Signed-off-by: Jiasheng Jiang <[email protected]>
> > >> Reviewed-by: Felix Kuehling <[email protected]>
> > >> Signed-off-by: Felix Kuehling <[email protected]>
> > >> Signed-off-by: Alex Deucher <[email protected]>
> > >> Signed-off-by: Dragos-Marian Panait <[email protected]>
> > >> ---
> > >> drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++
> > >> 1 file changed, 3 insertions(+)
> > > For obvious reasons, I can't take a patch for 4.19.y and not newer
> > > kernel releases, right?
> > >
> > > Please provide backports for all kernels if you really need to see this
> > > merged. And note, it's not a real bug at all, and given that a CVE was
> > > allocated for it that makes me want to even more reject it to show the
> > > whole folly of that mess.
> >
> > Well as far as I can see this is nonsense to back port.
> >
> > The code in question is only used only once during driver load and then
> > never again, that exactly this allocation fails while tons of other are
> > made before and after is extremely unlikely.
> >
> > It's nice to have it fixed in newer kernels, but not worth a backport
> > and certainly not stuff for a CVE.
>
> It's already fixed in Linus' tree:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abfaf0eee97925905e742aa3b0b72e04a918fa9e
Yes, that's what the above commit shows...
confused,
greg k-h
On 04.01.2023 16:48, Greg KH wrote:
> On Wed, Jan 04, 2023 at 09:35:03AM -0500, Alex Deucher wrote:
>> On Wed, Jan 4, 2023 at 8:23 AM Christian König <[email protected]> wrote:
>>> Am 04.01.23 um 13:41 schrieb Greg KH:
>>>> On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
>>>>> From: Jiasheng Jiang <[email protected]>
>>>>>
>>>>> [ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
>>>>>
>>>>> As the possible failure of the allocation, kmemdup() may return NULL
>>>>> pointer.
>>>>> Therefore, it should be better to check the 'props2' in order to prevent
>>>>> the dereference of NULL pointer.
>>>>>
>>>>> Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs")
>>>>> Signed-off-by: Jiasheng Jiang <[email protected]>
>>>>> Reviewed-by: Felix Kuehling <[email protected]>
>>>>> Signed-off-by: Felix Kuehling <[email protected]>
>>>>> Signed-off-by: Alex Deucher <[email protected]>
>>>>> Signed-off-by: Dragos-Marian Panait <[email protected]>
>>>>> ---
>>>>> drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++
>>>>> 1 file changed, 3 insertions(+)
>>>> For obvious reasons, I can't take a patch for 4.19.y and not newer
>>>> kernel releases, right?
>>>>
>>>> Please provide backports for all kernels if you really need to see this
>>>> merged. And note, it's not a real bug at all, and given that a CVE was
>>>> allocated for it that makes me want to even more reject it to show the
>>>> whole folly of that mess.
>>> Well as far as I can see this is nonsense to back port.
>>>
>>> The code in question is only used only once during driver load and then
>>> never again, that exactly this allocation fails while tons of other are
>>> made before and after is extremely unlikely.
>>>
>>> It's nice to have it fixed in newer kernels, but not worth a backport
>>> and certainly not stuff for a CVE.
>> It's already fixed in Linus' tree:
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abfaf0eee97925905e742aa3b0b72e04a918fa9e
> Yes, that's what the above commit shows...
>
> confused,
>
> greg k-h
Just for completeness, I also sent out patches for 5.4 and 5.10 stable
branches.
5.15 stable branch already has this change:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=5609b7803947eea1711516dd8659c7ed39f5a868
Dragos
On Wed, Jan 04, 2023 at 08:05:57PM +0200, Dragos-Marian Panait wrote:
>
> On 04.01.2023 16:48, Greg KH wrote:
> > On Wed, Jan 04, 2023 at 09:35:03AM -0500, Alex Deucher wrote:
> > > On Wed, Jan 4, 2023 at 8:23 AM Christian K?nig <[email protected]> wrote:
> > > > Am 04.01.23 um 13:41 schrieb Greg KH:
> > > > > On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
> > > > > > From: Jiasheng Jiang <[email protected]>
> > > > > >
> > > > > > [ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
> > > > > >
> > > > > > As the possible failure of the allocation, kmemdup() may return NULL
> > > > > > pointer.
> > > > > > Therefore, it should be better to check the 'props2' in order to prevent
> > > > > > the dereference of NULL pointer.
> > > > > >
> > > > > > Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs")
> > > > > > Signed-off-by: Jiasheng Jiang <[email protected]>
> > > > > > Reviewed-by: Felix Kuehling <[email protected]>
> > > > > > Signed-off-by: Felix Kuehling <[email protected]>
> > > > > > Signed-off-by: Alex Deucher <[email protected]>
> > > > > > Signed-off-by: Dragos-Marian Panait <[email protected]>
> > > > > > ---
> > > > > > drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++
> > > > > > 1 file changed, 3 insertions(+)
> > > > > For obvious reasons, I can't take a patch for 4.19.y and not newer
> > > > > kernel releases, right?
> > > > >
> > > > > Please provide backports for all kernels if you really need to see this
> > > > > merged. And note, it's not a real bug at all, and given that a CVE was
> > > > > allocated for it that makes me want to even more reject it to show the
> > > > > whole folly of that mess.
> > > > Well as far as I can see this is nonsense to back port.
> > > >
> > > > The code in question is only used only once during driver load and then
> > > > never again, that exactly this allocation fails while tons of other are
> > > > made before and after is extremely unlikely.
> > > >
> > > > It's nice to have it fixed in newer kernels, but not worth a backport
> > > > and certainly not stuff for a CVE.
> > > It's already fixed in Linus' tree:
> > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abfaf0eee97925905e742aa3b0b72e04a918fa9e
> > Yes, that's what the above commit shows...
> >
> > confused,
> >
> > greg k-h
> Just for completeness, I also sent out patches for 5.4 and 5.10 stable
> branches.
> 5.15 stable branch already has this change: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=5609b7803947eea1711516dd8659c7ed39f5a868
Again, this is not a real bug and someone needs to go and invalidate
that CVE so you don't have to worry about it anymore. I suggest that
you do that if your company cares about tracking CVEs.
thanks,
greg k-h