The following commit is needed to fix CVE-2022-3108: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Jiasheng Jiang (1): drm/amdkfd: Check for null pointer after calling kmemdup
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++ 1 file changed, 3 insertions(+)
base-commit: c652c812211c7a427d16be1d3f904eb02eb4265f
From: Jiasheng Jiang jiasheng@iscas.ac.cn
[ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
As the possible failure of the allocation, kmemdup() may return NULL pointer. Therefore, it should be better to check the 'props2' in order to prevent the dereference of NULL pointer.
Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs") Signed-off-by: Jiasheng Jiang jiasheng@iscas.ac.cn Reviewed-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Dragos-Marian Panait dragos.panait@windriver.com --- drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_crat.c b/drivers/gpu/drm/amd/amdkfd/kfd_crat.c index e2780643f4c3..b05ca3e639b1 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_crat.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_crat.c @@ -397,6 +397,9 @@ static int kfd_parse_subtype_iolink(struct crat_subtype_iolink *iolink, return -ENODEV; /* same everything but the other direction */ props2 = kmemdup(props, sizeof(*props2), GFP_KERNEL); + if (!props2) + return -ENOMEM; + props2->node_from = id_to; props2->node_to = id_from; props2->kobj = NULL;
On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
From: Jiasheng Jiang jiasheng@iscas.ac.cn
[ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
As the possible failure of the allocation, kmemdup() may return NULL pointer. Therefore, it should be better to check the 'props2' in order to prevent the dereference of NULL pointer.
Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs") Signed-off-by: Jiasheng Jiang jiasheng@iscas.ac.cn Reviewed-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Dragos-Marian Panait dragos.panait@windriver.com
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++ 1 file changed, 3 insertions(+)
For obvious reasons, I can't take a patch for 4.19.y and not newer kernel releases, right?
Please provide backports for all kernels if you really need to see this merged. And note, it's not a real bug at all, and given that a CVE was allocated for it that makes me want to even more reject it to show the whole folly of that mess.
thanks,
greg k-h
Am 04.01.23 um 13:41 schrieb Greg KH:
On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
From: Jiasheng Jiang jiasheng@iscas.ac.cn
[ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
As the possible failure of the allocation, kmemdup() may return NULL pointer. Therefore, it should be better to check the 'props2' in order to prevent the dereference of NULL pointer.
Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs") Signed-off-by: Jiasheng Jiang jiasheng@iscas.ac.cn Reviewed-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Dragos-Marian Panait dragos.panait@windriver.com
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++ 1 file changed, 3 insertions(+)
For obvious reasons, I can't take a patch for 4.19.y and not newer kernel releases, right?
Please provide backports for all kernels if you really need to see this merged. And note, it's not a real bug at all, and given that a CVE was allocated for it that makes me want to even more reject it to show the whole folly of that mess.
Well as far as I can see this is nonsense to back port.
The code in question is only used only once during driver load and then never again, that exactly this allocation fails while tons of other are made before and after is extremely unlikely.
It's nice to have it fixed in newer kernels, but not worth a backport and certainly not stuff for a CVE.
Regards, Christian.
thanks,
greg k-h
On Wed, Jan 4, 2023 at 8:23 AM Christian König christian.koenig@amd.com wrote:
Am 04.01.23 um 13:41 schrieb Greg KH:
On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
From: Jiasheng Jiang jiasheng@iscas.ac.cn
[ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
As the possible failure of the allocation, kmemdup() may return NULL pointer. Therefore, it should be better to check the 'props2' in order to prevent the dereference of NULL pointer.
Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs") Signed-off-by: Jiasheng Jiang jiasheng@iscas.ac.cn Reviewed-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Dragos-Marian Panait dragos.panait@windriver.com
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++ 1 file changed, 3 insertions(+)
For obvious reasons, I can't take a patch for 4.19.y and not newer kernel releases, right?
Please provide backports for all kernels if you really need to see this merged. And note, it's not a real bug at all, and given that a CVE was allocated for it that makes me want to even more reject it to show the whole folly of that mess.
Well as far as I can see this is nonsense to back port.
The code in question is only used only once during driver load and then never again, that exactly this allocation fails while tons of other are made before and after is extremely unlikely.
It's nice to have it fixed in newer kernels, but not worth a backport and certainly not stuff for a CVE.
It's already fixed in Linus' tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Alex
Regards, Christian.
thanks,
greg k-h
On Wed, Jan 04, 2023 at 09:35:03AM -0500, Alex Deucher wrote:
On Wed, Jan 4, 2023 at 8:23 AM Christian König christian.koenig@amd.com wrote:
Am 04.01.23 um 13:41 schrieb Greg KH:
On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
From: Jiasheng Jiang jiasheng@iscas.ac.cn
[ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
As the possible failure of the allocation, kmemdup() may return NULL pointer. Therefore, it should be better to check the 'props2' in order to prevent the dereference of NULL pointer.
Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs") Signed-off-by: Jiasheng Jiang jiasheng@iscas.ac.cn Reviewed-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Dragos-Marian Panait dragos.panait@windriver.com
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++ 1 file changed, 3 insertions(+)
For obvious reasons, I can't take a patch for 4.19.y and not newer kernel releases, right?
Please provide backports for all kernels if you really need to see this merged. And note, it's not a real bug at all, and given that a CVE was allocated for it that makes me want to even more reject it to show the whole folly of that mess.
Well as far as I can see this is nonsense to back port.
The code in question is only used only once during driver load and then never again, that exactly this allocation fails while tons of other are made before and after is extremely unlikely.
It's nice to have it fixed in newer kernels, but not worth a backport and certainly not stuff for a CVE.
It's already fixed in Linus' tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Yes, that's what the above commit shows...
confused,
greg k-h
On 04.01.2023 16:48, Greg KH wrote:
On Wed, Jan 04, 2023 at 09:35:03AM -0500, Alex Deucher wrote:
On Wed, Jan 4, 2023 at 8:23 AM Christian König christian.koenig@amd.com wrote:
Am 04.01.23 um 13:41 schrieb Greg KH:
On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
From: Jiasheng Jiang jiasheng@iscas.ac.cn
[ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
As the possible failure of the allocation, kmemdup() may return NULL pointer. Therefore, it should be better to check the 'props2' in order to prevent the dereference of NULL pointer.
Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs") Signed-off-by: Jiasheng Jiang jiasheng@iscas.ac.cn Reviewed-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Dragos-Marian Panait dragos.panait@windriver.com
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++ 1 file changed, 3 insertions(+)
For obvious reasons, I can't take a patch for 4.19.y and not newer kernel releases, right?
Please provide backports for all kernels if you really need to see this merged. And note, it's not a real bug at all, and given that a CVE was allocated for it that makes me want to even more reject it to show the whole folly of that mess.
Well as far as I can see this is nonsense to back port.
The code in question is only used only once during driver load and then never again, that exactly this allocation fails while tons of other are made before and after is extremely unlikely.
It's nice to have it fixed in newer kernels, but not worth a backport and certainly not stuff for a CVE.
It's already fixed in Linus' tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Yes, that's what the above commit shows...
confused,
greg k-h
Just for completeness, I also sent out patches for 5.4 and 5.10 stable branches. 5.15 stable branch already has this change: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
Dragos
On Wed, Jan 04, 2023 at 08:05:57PM +0200, Dragos-Marian Panait wrote:
On 04.01.2023 16:48, Greg KH wrote:
On Wed, Jan 04, 2023 at 09:35:03AM -0500, Alex Deucher wrote:
On Wed, Jan 4, 2023 at 8:23 AM Christian König christian.koenig@amd.com wrote:
Am 04.01.23 um 13:41 schrieb Greg KH:
On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
From: Jiasheng Jiang jiasheng@iscas.ac.cn
[ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
As the possible failure of the allocation, kmemdup() may return NULL pointer. Therefore, it should be better to check the 'props2' in order to prevent the dereference of NULL pointer.
Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs") Signed-off-by: Jiasheng Jiang jiasheng@iscas.ac.cn Reviewed-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Felix Kuehling Felix.Kuehling@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Dragos-Marian Panait dragos.panait@windriver.com
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++ 1 file changed, 3 insertions(+)
For obvious reasons, I can't take a patch for 4.19.y and not newer kernel releases, right?
Please provide backports for all kernels if you really need to see this merged. And note, it's not a real bug at all, and given that a CVE was allocated for it that makes me want to even more reject it to show the whole folly of that mess.
Well as far as I can see this is nonsense to back port.
The code in question is only used only once during driver load and then never again, that exactly this allocation fails while tons of other are made before and after is extremely unlikely.
It's nice to have it fixed in newer kernels, but not worth a backport and certainly not stuff for a CVE.
It's already fixed in Linus' tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Yes, that's what the above commit shows...
confused,
greg k-h
Just for completeness, I also sent out patches for 5.4 and 5.10 stable branches. 5.15 stable branch already has this change: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
Again, this is not a real bug and someone needs to go and invalidate that CVE so you don't have to worry about it anymore. I suggest that you do that if your company cares about tracking CVEs.
thanks,
greg k-h
linux-stable-mirror@lists.linaro.org
-
Alex Deucher -
Christian König -
Dragos-Marian Panait -
Greg KH