From: Lee Jones
To: linux-cve-announce@vger.kernel.org
Subject: CVE-2024-41008: drm/amdgpu: change vm->task_info handling
Date: Tue, 16 Jul 2024 09:03:58 +0100
Message-ID: <20240716080357.2696435-2-lee@kernel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: change vm->task_info handling

This patch changes the handling and lifecycle of vm->task_info object.
The major changes are:
- vm->task_info is a dynamically allocated ptr now, and its usage is
  reference counted.
- introducing two new helper funcs for task_info lifecycle management
    - amdgpu_vm_get_task_info: reference counts up task_info before
      returning this info
    - amdgpu_vm_put_task_info: reference counts down task_info
- last put to task_info() frees task_info from the vm.

This patch also does logistical changes required for existing usage
of vm->task_info.

V2: Do not block all the prints when task_info not found (Felix)

V3: Fixed review comments from Felix
   - Fix wrong indentation
   - No debug message for -ENOMEM
   - Add NULL check for task_info
   - Do not duplicate the debug messages (ti vs no ti)
   - Get first reference of task_info in vm_init(), put last in
     vm_fini()

V4: Fixed review comments from Felix
   - fix double reference increment in create_task_info
   - change amdgpu_vm_get_task_info_pasid
   - additional changes in amdgpu_gem.c while porting

The Linux kernel CVE team has assigned CVE-2024-41008 to this issue.


Affected and fixed versions
===========================

	Fixed in 6.9 with commit b8f67b9ddf4f

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-41008
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
	drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
	drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
	drivers/gpu/drm/amd/amdgpu/amdgpu_reset.c
	drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
	drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h
	drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c
	drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c
	drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c
	drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
	drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c
	drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
	drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c
	drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c
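
The get/put lifecycle that the commit message describes, as a single-threaded userspace C model. This is an added example, not the amdgpu driver's code: the struct layouts, the bodies of the `vm_*` functions, the pid value and `reader_outlives_vm` are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdlib.h>
/* Userspace model of the lifecycle in the commit message; not driver code. */
struct task_info { atomic_int refcount; int pid; };
struct vm { struct task_info *task_info; };  /* pointer, not embedded */

/* vm_init(): allocate task_info and take the first reference. */
int vm_init(struct vm *vm, int pid)
{
    vm->task_info = calloc(1, sizeof(*vm->task_info));
    if (!vm->task_info) return -1;           /* -ENOMEM in the kernel */
    atomic_init(&vm->task_info->refcount, 1);
    vm->task_info->pid = pid;
    return 0;
}

/* get: count up before returning; callers must NULL-check the result. */
struct task_info *vm_get_task_info(struct vm *vm)
{
    if (vm->task_info)
        atomic_fetch_add(&vm->task_info->refcount, 1);
    return vm->task_info;
}

/* put: count down; the last put frees. Returns 1 when it freed. */
int vm_put_task_info(struct task_info *ti)
{
    if (!ti || atomic_fetch_sub(&ti->refcount, 1) != 1) return 0;
    free(ti);
    return 1;
}

/* vm_fini(): drop the reference taken in vm_init(). */
void vm_fini(struct vm *vm)
{
    vm_put_task_info(vm->task_info);
    vm->task_info = NULL;
}

/* A reader holding its own reference keeps a valid object across vm_fini(). */
int reader_outlives_vm(void)
{
    struct vm vm;
    if (vm_init(&vm, 4242)) return -1;              /* constructed pid */
    struct task_info *ti = vm_get_task_info(&vm);   /* refcount 2 */
    vm_fini(&vm);                                   /* refcount 1 */
    int pid = ti->pid;                              /* still allocated */
    return vm_put_task_info(ti) ? pid : -1;         /* last put frees */
}
```

The model leaves out concurrency: where lookups can race with teardown, the lookup and the reference increment have to be serialised against the final put.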